The branch, v4-6-test has been updated
       via  c13244a cleanupdb: Fix a memory read error
       via  b8c11db s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in 
shadow_copy2_strip_snapshot
       via  0a84f16 s3:vfs:shadow_copy2: fix the corner case if cwd=/ in 
make_relative_path
       via  222aa4a s3:vfs:shadow_copy2: fix quoting in debug messages
       via  312fb3b pam_winbind: no longer use wbcUserPasswordPolicyInfo when 
authenticating
      from  12c24f3 s3:smbd: Fix incorrect use of sys_getgroups()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -----------------------------------------------------------------
commit c13244a42c7cd4adeffa9c8125bcc5652e504b66
Author: Hanno Böck <ha...@hboeck.de>
Date:   Wed Apr 19 14:00:21 2017 +0200

    cleanupdb: Fix a memory read error
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12748
    
    Signed-off-by: Hanno Böck <ha...@hboeck.de>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    (cherry picked from commit fd98a7b6a0053b62802e29fb729e219dc08eef6b)
    
    Autobuild-User(v4-6-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-6-test): Fri Apr 21 13:59:21 CEST 2017 on sn-devel-144

commit b8c11dbfd1d408c949e7bf71bd2687aef8267ffc
Author: Michael Adam <ob...@samba.org>
Date:   Tue Apr 11 12:03:52 2017 +0200

    s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in 
shadow_copy2_strip_snapshot
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 26661218b3d3f0d4ee89039727bc110e972c2851)
    
    The last 3 patches address
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12743
    vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend

commit 0a84f1678180a8a2653f745a276de49d698330d2
Author: Michael Adam <ob...@samba.org>
Date:   Tue Apr 11 12:03:20 2017 +0200

    s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit 16c89835cf07caa2082b586666095deba38ef962)

commit 222aa4a9794502b1e6b622b949133830bf94b8a9
Author: Michael Adam <ob...@samba.org>
Date:   Tue Apr 11 11:18:30 2017 +0200

    s3:vfs:shadow_copy2: fix quoting in debug messages
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    (cherry picked from commit fffd611fdc558ab428c8a21cf1e68feaf1f6f469)

commit 312fb3bfe1f2965a128d12d7e936e9b86016a719
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Apr 3 00:19:25 2017 +0200

    pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
    
    The expiry time for the specific user comes from
    info->pass_must_change_time and nothing else.
    
    The authenticating DC knows which password policy applies
    to the user; the client cannot determine that itself, as
    domain trusts and fine-grained password policies make
    this a very complex task.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Christof Schmitt <c...@samba.org>
    (cherry picked from commit fba7ed9a3fa6fcb2d90d1271ae81ec11b554bd2d)

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/pam_winbind.c             | 58 ++++++++------------------------------
 source3/lib/cleanupdb.c            |  2 +-
 source3/modules/vfs_shadow_copy2.c | 17 +++++++----
 3 files changed, 24 insertions(+), 53 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index dca2c29..26a9e8d 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1004,7 +1004,6 @@ static bool _pam_send_password_expiry_message(struct 
pwb_context *ctx,
 
 static void _pam_warn_password_expiry(struct pwb_context *ctx,
                                      const struct wbcAuthUserInfo *info,
-                                     const struct wbcUserPasswordPolicyInfo 
*policy,
                                      int warn_pwd_expire,
                                      bool *already_expired,
                                      bool *change_pwd)
@@ -1012,7 +1011,7 @@ static void _pam_warn_password_expiry(struct pwb_context 
*ctx,
        time_t now = time(NULL);
        time_t next_change = 0;
 
-       if (!info || !policy) {
+       if (info == NULL) {
                return;
        }
 
@@ -1044,23 +1043,6 @@ static void _pam_warn_password_expiry(struct pwb_context 
*ctx,
                return;
        }
 
-       /* now check for the global password policy */
-       /* good catch from Ralf Haferkamp: an expiry of "never" is translated
-        * to -1 */
-       if ((policy->expire == (int64_t)-1) ||
-           (policy->expire == 0)) {
-               return;
-       }
-
-       next_change = info->pass_last_set_time + policy->expire;
-
-       if (_pam_send_password_expiry_message(ctx, next_change, now,
-                                             warn_pwd_expire,
-                                             already_expired,
-                                             change_pwd)) {
-               return;
-       }
-
        /* no warning sent */
 }
 
@@ -1696,23 +1678,17 @@ static int winbind_auth_request(struct pwb_context *ctx,
                                const int warn_pwd_expire,
                                struct wbcAuthErrorInfo **p_error,
                                struct wbcLogonUserInfo **p_info,
-                               struct wbcUserPasswordPolicyInfo **p_policy,
                                time_t *pwd_last_set,
                                char **user_ret)
 {
        wbcErr wbc_status;
-
        struct wbcLogonUserParams logon;
        char membership_of[1024];
        uid_t user_uid = -1;
-       uint32_t flags = WBFLAG_PAM_INFO3_TEXT |
-                        WBFLAG_PAM_GET_PWD_POLICY;
-
+       uint32_t flags = WBFLAG_PAM_INFO3_TEXT;
        struct wbcLogonUserInfo *info = NULL;
        struct wbcAuthUserInfo *user_info = NULL;
        struct wbcAuthErrorInfo *error = NULL;
-       struct wbcUserPasswordPolicyInfo *policy = NULL;
-
        int ret = PAM_AUTH_ERR;
        int i;
        const char *codes[] = {
@@ -1845,7 +1821,7 @@ static int winbind_auth_request(struct pwb_context *ctx,
                                     &logon,
                                     &info,
                                     &error,
-                                    &policy);
+                                    NULL);
        ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
                                          user, "wbcLogonUser");
        wbcFreeMemory(logon.blobs);
@@ -1863,10 +1839,6 @@ static int winbind_auth_request(struct pwb_context *ctx,
                *p_info = info;
        }
 
-       if (p_policy && policy) {
-               *p_policy = policy;
-       }
-
        if (p_error && error) {
                /* We want to process the error in the caller. */
                *p_error = error;
@@ -1881,13 +1853,13 @@ static int winbind_auth_request(struct pwb_context *ctx,
                }
        }
 
-       if ((ret == PAM_SUCCESS) && user_info && policy && info) {
+       if ((ret == PAM_SUCCESS) && user_info && info) {
 
                bool already_expired = false;
                bool change_pwd = false;
 
                /* warn a user if the password is about to expire soon */
-               _pam_warn_password_expiry(ctx, user_info, policy,
+               _pam_warn_password_expiry(ctx, user_info,
                                          warn_pwd_expire,
                                          &already_expired,
                                          &change_pwd);
@@ -1895,15 +1867,15 @@ static int winbind_auth_request(struct pwb_context *ctx,
                if (already_expired == true) {
 
                        SMB_TIME_T last_set = user_info->pass_last_set_time;
+                       SMB_TIME_T must_set = user_info->pass_must_change_time;
 
                        _pam_log_debug(ctx, LOG_DEBUG,
                                       "Password has expired "
                                       "(Password was last set: %lld, "
-                                      "the policy says it should expire here "
+                                      "it must be changed here "
                                       "%lld (now it's: %ld))\n",
                                       (long long int)last_set,
-                                      (long long int)last_set +
-                                      policy->expire,
+                                      (long long int)must_set,
                                       (long)time(NULL));
 
                        return PAM_AUTHTOK_EXPIRED;
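Review bot: The debug message now prints `last_set` and `must_set` as `%lld`, but the current time in the same line is still cast with `(long)time(NULL)` and printed with `%ld`. On a platform where `long` is 32 bits and `time_t` is wider, that third value would be truncated while the other two are not, which makes the logged expiry comparison misleading when reading auth logs. I would use the same width for all three: `"%lld (now it's: %lld))\n"` with `(long long int)time(NULL)`. The enclosing `if` block and winbind_auth_request itself start outside this hunk.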
@@ -1942,9 +1914,6 @@ static int winbind_auth_request(struct pwb_context *ctx,
        if (info && !p_info) {
                wbcFreeMemory(info);
        }
-       if (policy && !p_policy) {
-               wbcFreeMemory(policy);
-       }
 
        return ret;
 }
@@ -2741,8 +2710,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
        /* Now use the username to look up password */
        retval = winbind_auth_request(ctx, real_username, password,
                                      member, cctype, warn_pwd_expire,
-                                     NULL, NULL, NULL,
-                                     NULL, &username_ret);
+                                     NULL, NULL, NULL, &username_ret);
 
        if (retval == PAM_NEW_AUTHTOK_REQD ||
            retval == PAM_AUTHTOK_EXPIRED) {
@@ -3152,7 +3120,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
                ret = winbind_auth_request(ctx, user, pass_old,
                                           NULL, NULL, 0,
-                                          &error, NULL, NULL,
+                                          &error, NULL,
                                           &pwdlastset_prelim, NULL);
 
                if (ret != PAM_ACCT_EXPIRED &&
@@ -3260,7 +3228,6 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                        const char *cctype = NULL;
                        int warn_pwd_expire;
                        struct wbcLogonUserInfo *info = NULL;
-                       struct wbcUserPasswordPolicyInfo *policy = NULL;
 
                        member = get_member_from_config(ctx);
                        cctype = get_krb5_cc_type_from_config(ctx);
@@ -3276,7 +3243,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
                        ret = winbind_auth_request(ctx, user, pass_new,
                                                   member, cctype, 0,
-                                                  &error, &info, &policy,
+                                                  &error, &info,
                                                   NULL, &username_ret);
                        pass_old = pass_new = NULL;
 
@@ -3290,7 +3257,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
                                /* warn a user if the password is about to
                                 * expire soon */
-                               _pam_warn_password_expiry(ctx, user_info, 
policy,
+                               _pam_warn_password_expiry(ctx, user_info,
                                                          warn_pwd_expire,
                                                          NULL, NULL);
 
@@ -3316,7 +3283,6 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
                                wbcFreeMemory(info->blobs);
                        }
                        wbcFreeMemory(info);
-                       wbcFreeMemory(policy);
 
                        goto out;
                }
diff --git a/source3/lib/cleanupdb.c b/source3/lib/cleanupdb.c
index 8832abe..7bf7c7e 100644
--- a/source3/lib/cleanupdb.c
+++ b/source3/lib/cleanupdb.c
@@ -61,7 +61,7 @@ bool cleanupdb_store_child(const pid_t pid, const bool 
unclean)
        struct cleanup_key key = { .pid = pid };
        struct cleanup_rec rec = { .pid = pid, .unclean = unclean };
        TDB_DATA tdbkey = { .dptr = (uint8_t *)&key, .dsize = sizeof(key) };
-       TDB_DATA tdbdata = { .dptr = (uint8_t *)&key, .dsize = sizeof(rec) };
+       TDB_DATA tdbdata = { .dptr = (uint8_t *)&rec, .dsize = sizeof(rec) };
        int result;
 
        db = cleanup_db();
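Review bot: With `tdbdata.dptr` now pointing at `rec`, the whole `sizeof(rec)` byte image of the struct is handed to the database, and a designated initializer does not guarantee that padding bytes are zero. If `struct cleanup_rec` has padding after `unclean` (its definition is not visible in this hunk, but a `pid_t` followed by a `bool` usually does), stale stack bytes could end up in the stored record. Zeroing the object first would make the record deterministic: declare `struct cleanup_rec rec;` then `memset(&rec, 0, sizeof(rec)); rec.pid = pid; rec.unclean = unclean;`. The same consideration applies to `key` if `struct cleanup_key` ever gains a second member. The body of cleanupdb_store_child continues past the end of this hunk.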
diff --git a/source3/modules/vfs_shadow_copy2.c 
b/source3/modules/vfs_shadow_copy2.c
index 2afc595..7cacac8 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -444,7 +444,11 @@ static bool make_relative_path(const char *cwd, char 
*abs_path)
        if (memcmp(abs_path, cwd, cwd_len) != 0) {
                return false;
        }
-       if (abs_path[cwd_len] != '/' && abs_path[cwd_len] != '\0') {
+       /* The cwd_len != 1 case is for $cwd == '/' */
+       if (cwd_len != 1 &&
+           abs_path[cwd_len] != '/' &&
+           abs_path[cwd_len] != '\0')
+       {
                return false;
        }
        if (abs_path[cwd_len] == '/') {
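Review bot: The new `cwd_len != 1` test skips the path-boundary check for any one-character `cwd`, not only for `/` as the comment says. If `cwd` could ever be a single character other than a slash, an `abs_path` that merely shares that first byte would be accepted as lying below `cwd`. Comparing the value instead of the length states the intent directly and keeps the boundary check for every other case: `if (strcmp(cwd, "/") != 0 &&` in place of `if (cwd_len != 1 &&`. The comment could then read `/* cwd == "/" already ends in the separator, so no boundary character follows it */`. The start and end of make_relative_path are outside this hunk, so whether `cwd` is always absolute here cannot be confirmed from the visible lines.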
@@ -667,10 +671,11 @@ static bool 
shadow_copy2_strip_snapshot_internal(TALLOC_CTX *mem_ctx,
                 * with a path prefix.
                 */
                if (pstripped != NULL) {
-                       if (len_before_gmt > 0) {
+                       if (len_before_gmt > 1) {
                                /*
-                                * There is a slash before
-                                * the @GMT-. Remove it.
+                                * There is a path (and not only a slash)
+                                * before the @GMT-. Remove the trailing
+                                * slash character.
                                 */
                                len_before_gmt -= 1;
                        }
@@ -684,7 +689,7 @@ static bool shadow_copy2_strip_snapshot_internal(TALLOC_CTX 
*mem_ctx,
                                if (make_relative_path(priv->shadow_cwd,
                                                stripped) == false) {
                                        DEBUG(10, (__location__ ": path '%s' "
-                                               "doesn't start with cwd '%s\n",
+                                               "doesn't start with cwd '%s'\n",
                                                stripped, priv->shadow_cwd));
                                                ret = false;
                                        errno = ENOENT;
@@ -726,7 +731,7 @@ static bool shadow_copy2_strip_snapshot_internal(TALLOC_CTX 
*mem_ctx,
                        if (make_relative_path(priv->shadow_cwd,
                                        stripped) == false) {
                                DEBUG(10, (__location__ ": path '%s' "
-                                       "doesn't start with cwd '%s\n",
+                                       "doesn't start with cwd '%s'\n",
                                        stripped, priv->shadow_cwd));
                                ret = false;
                                errno = ENOENT;


-- 
Samba Shared Repository
