The branch, v4-8-test has been updated via 98fb60b s3:modules: fix the build of vfs_aixacl2.c via 74da4c8 ldb/tests: avoid 'return void_function();' which isn't portable via 8c0a598 lib/crypto: avoid 'return void_function();' which isn't portable via 08d5ade s3:modules: make virusfilter_io_connect_path() more portable via deb624c s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11 via bade8dc vfs_virusfilter: Fix CID 1428738 Macro compares unsigned to 0 via 932bdb2 vfs_virusfilter: Fix CID 1428740 Macro compares unsigned to 0 via c703cfb vfs_virusfilter: Fix CID 1428739 Buffer not null terminated via 9e1b535 nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11 via f0aa869 nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype via 5cc7432 nsswitch: maintain prototypes for the linux based functions only once via 63d9b53 lib/replace: define __[u]intptr_t_defined if we prove an replacement via f11278f s3:passdb: Do not return OK if we don't have pinfo set up via cd2cc69 lib/util: remove unused '#include <sys/syscall.h>' from tests/tfork.c via f8abea5 winbindd: add retry to _winbind_SendToSam via 71eb2d9 winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords via ce6357b winbindd: add retry to _wbint_DsGetDcName via f9ccb90 winbindd: add retry to _wbint_LookupSids() via 6e1018e winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected() via 5bf61b0 winbindd: fix logic calling dcerpc_binding_handle_is_connected() via c4fd5a3 winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error() via cde7022 winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error() via 7d9aa1d winbindd: call reset_cm_connection_on_error() from reconnect_need_retry() via 4d2968c winbindd: make reset_cm_connection_on_error() public via 5c701c4 winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error() via 586a0ff winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c via 1e60ca5 winbind: Keep "force_reauth" in invalidate_cm_connection via ad0b42a winbind: Add smbcontrol disconnect-dc via ade0d54 utils: Add destroy_netlogon_creds_cli from c45c96e smbclient: Handle ENUM_DIR in "notify" command
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log ----------------------------------------------------------------- commit 98fb60b1ee32406a0705a831dd2207efca5160e8 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Mar 21 07:48:16 2018 +0100 s3:modules: fix the build of vfs_aixacl2.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=13345 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue Apr 3 20:18:58 CEST 2018 on sn-devel-144 (cherry picked from commit 702665cc52d5dc05ae636519e1ffe9c296f5ef77) Autobuild-User(v4-8-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-8-test): Fri Apr 20 16:53:16 CEST 2018 on sn-devel-144 commit 74da4c879a1db1bd9ebac9df9bcfee00fa762015 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Mar 21 07:33:16 2018 +0100 ldb/tests: avoid 'return void_function();' which isn't portable BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit 666dda907b7f190b2dff1f2639bd2518240b9fb2) commit 8c0a598b035295713ce0c2c0df444ac01b336b68 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Mar 21 07:33:16 2018 +0100 lib/crypto: avoid 'return void_function();' which isn't portable BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit 7ae77db3b29ef08e1f74aa413049b995a598a5dd) commit 08d5ade345c2a4d92512dfe1e3019ab54e5473b6 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Mar 21 07:25:11 2018 +0100 s3:modules: make virusfilter_io_connect_path() more portable We have existing utility functions to prepare a socket. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit 74278a70389e2479d80ec5c88b01a09c141e8d39) commit deb624c8939fbd4a41b690ec410caa377ddf0bfd Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 20 12:10:01 2018 +0100 s3:modules: fix the picky-developer build of vfs_virusfilter.c on FreeBSD 11 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit fb7b67af984812784756574df4f0fb55d472181b) commit bade8dc3ccd1be5dba7d1dd61081a0763f770715 Author: Volker Lendecke <v...@samba.org> Date: Tue Jan 30 12:37:30 2018 +0100 vfs_virusfilter: Fix CID 1428738 Macro compares unsigned to 0 vsnprintf returns "int" and not "size_t" Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Jan 31 05:28:48 CET 2018 on sn-devel-144 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 (cherry picked from commit 21eb5169f46b8d819a5d5d028baff581e4e63de6) commit 932bdb2052d21b70ecb6e473a7174c9cb3acad21 Author: Volker Lendecke <v...@samba.org> Date: Tue Jan 30 12:36:14 2018 +0100 vfs_virusfilter: Fix CID 1428740 Macro compares unsigned to 0 vsnprintf returns "int" and not "size_t" Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 (cherry picked from commit 734404bbe911fd4aa6565b2a2aaecab4fbbf3c45) commit c703cfb4c1cbeae9827594f59a2e02f78eafd101 Author: Volker Lendecke <v...@samba.org> Date: Tue Jan 30 12:34:11 2018 +0100 vfs_virusfilter: Fix CID 1428739 Buffer not null terminated Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13343 (cherry picked from commit 8a4409c956bdbe5d928e685b7c219566d467a627) commit 9e1b535d10b1cc3d8aa1fffa4cd33bba4d97a009 Author: Stefan Metzmacher <me...@samba.org> Date: Sat Oct 21 14:15:12 2017 +0200 nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit dc160247d13e2c63574a7e7ec7720fc4c690483b) commit f0aa869b1b2f136d046a8d22634cbc77bbb2d14a Author: Stefan Metzmacher <me...@samba.org> Date: Sat Oct 21 14:14:34 2017 +0200 nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit d5be3b3279162005d9ebea2eda71d455e4c48739) commit 5cc7432b1d160c9406e093792b9e3cd310318b2c Author: Stefan Metzmacher <me...@samba.org> Date: Sat Oct 21 14:08:15 2017 +0200 nsswitch: maintain prototypes for the linux based functions only once BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit b8c30abb02f461f16af4da83eecd173993974dc1) commit 63d9b5323d74eada4ba2cd7b9aa1819e1b38779e Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 20 21:46:12 2018 +0100 lib/replace: define __[u]intptr_t_defined if we prove an replacement BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Björn Jacke <bja...@samba.org> (cherry picked from commit 329a229af3c3c9475b9254ca68c413ec18fa3b71) commit f11278fa9b9a91f2b6f73138a774034eb6048079 Author: Andreas Schneider <a...@samba.org> Date: Tue Apr 17 08:55:23 2018 +0200 s3:passdb: Do not return OK if we don't have pinfo set up This prevents a crash in fill_mem_keytab_from_secrets() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26) commit cd2cc69eb46e561155856355c513b3acdb6af9dc Author: Stefan Metzmacher <me...@samba.org> Date: Tue Mar 20 16:49:30 2018 +0100 lib/util: remove unused '#include <sys/syscall.h>' from tests/tfork.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=13342 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (cherry picked from commit f2ff61ce9e8ab56d8a69fce29c9f214d5d98f89e) commit f8abea57ec7c143cf793f502793a411f5cdd17f1 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 19:54:37 2018 +0100 winbindd: add retry to _winbind_SendToSam Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Thu Mar 15 20:57:44 CET 2018 on sn-devel-144 (cherry picked from commit c37fbfcb248e5a8d6088a28eb0c1a62423f94502) commit 71eb2d9c2a41cf40e084f2e4ce98c56211ae1382 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 19:53:53 2018 +0100 winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit e608f058b8f2d2295e24498daa35852de3212b23) commit ce6357b678dc0f16fc661a543a5298ddf17eac70 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 19:53:26 2018 +0100 winbindd: add retry to _wbint_DsGetDcName Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit fcf8edf9b8cdf5f3897c1a63ed97c302a231742f) commit f9ccb90f2322529af882d244111728df66661010 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 17:09:34 2018 +0100 winbindd: add retry to _wbint_LookupSids() Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit c2cd2d3f3137e27cd6e4cabd34f27b49251f078d) commit 6e1018e5887031a011d34cb2817c6818fbd7036c Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 16:53:49 2018 +0100 winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected() This catches more errors and triggers retry as appropriate. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 6244a2beb184de8d050389e304f087ef153d61dd) commit 5bf61b01164afec5678818cdfd5e1980ddc37acc Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 16:15:02 2018 +0100 winbindd: fix logic calling dcerpc_binding_handle_is_connected() The calls were missing the negation operator, a retry should be attempted is the binding handle got somehow disconnected behind the scenes and is NOT connected. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 08718af36f3ed6cf2308beb3800abfb0414f94b9) commit c4fd5a390dfb6dbc4def7de110102008a765db85 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 16:11:37 2018 +0100 winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error() To consolidate the error handling for RPC calls, add the binding handle as an additional argument to reset_cm_connection_on_error(). All callers pass NULL for now, so no change in behaviour up to here. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 966ff3793a867a5ffe1a49e48c8ab3ecb02f8359) commit cde7022ccb868d0139f1104729a0f2c4db5ff740 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 13:39:59 2018 +0100 winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error() NT_STATUS_RPC_SEC_PKG_ERROR is returned by the server if the server doesn't know the server-side netlogon credentials anymore, eg after a reboot. If this happens we must force a full netlogon reauth. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Volker Lendecke <v...@samba.org> Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 2d1f00cc3ad77bed4e810dc910979e6cdf582216) commit 7d9aa1d560f9e061665a67c6fe8fc0fea357ca17 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 12:20:04 2018 +0100 winbindd: call reset_cm_connection_on_error() from reconnect_need_retry() This ensures we use the same disconnect logic in the reconnect backend, which calls reconnect_need_retry(), and in the dual_srv frontend which calls reset_cm_connection_on_error. Both reset_cm_connection_on_error() and reconnect_need_retry() are very similar, both return a bool indicating whether a retry should be attempted, unfortunately the functions have a different default return, so I don't dare unifying them, but instead just call one from the other. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 2837b796af3e491b6bb34bd441758ae214f629ee) commit 4d2968cb1513c54ce5eca7f1ef43fe0e8dd77f41 Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 11:29:22 2018 +0100 winbindd: make reset_cm_connection_on_error() public Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 17749a5d9fa08da1c61de45728656a2c9b85782d) commit 5c701c461676a37b57f6b628e3729e8366699dda Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 11:12:34 2018 +0100 winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error() reconnect_need_retry() already checks for this error, it surfaces up from tstream_smbXcli_np as a mapping for EIO. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit a33c1d25e0422483c903001dd246626f84c4cbc1) commit 586a0ff38fa43ee837d10c982a480449d53ba88d Author: Ralph Boehme <s...@samba.org> Date: Mon Mar 12 13:30:01 2018 +0100 winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c ldap_reconnect_need_retry() is a copy of reconnect_need_retry() minus the RPC connection invalidation. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit a8d5e4d36768bc199c631626488b2d0acbd6e91a) commit 1e60ca513b5c46ba2cd28a70237719eb0b32c6fe Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 28 15:09:28 2018 +0000 winbind: Keep "force_reauth" in invalidate_cm_connection Right now I don't see a way to actually force a re-serverauth from the client side as long as an entry in netlogon_creds_cli.tdb exists. cm_connect_netlogon goes through invalidate_cm_connection, and this wipes our wish to force a reauthenticatoin. Keep this intact until we actually did reauthenticate. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 4b7a9d560a51b51ac88f30276c87edc097b00d0b) commit ad0b42ae90e8409133227666bb6cb0972cf96d44 Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 28 15:08:44 2018 +0000 winbind: Add smbcontrol disconnect-dc Make a winbind child drop all DC connections Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> (backported from commit 0af88b98e7e1bba14827305257e77b63dc82d902) commit ade0d54563fd11f1ca4cbae7d9550504b24473c7 Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 28 07:59:08 2018 +0000 utils: Add destroy_netlogon_creds_cli This is a pure testing utility that will garble the netlogon_creds_cli session_key. This creates a similar effect to our schannel credentials as does a domain controller reboot. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13332 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit bffae41842fe218959fe6f8b43df694feec1589c) ----------------------------------------------------------------------- Summary of changes: lib/crypto/aes.c | 10 +- lib/ldb/tests/ldb_mod_op_test.c | 8 +- lib/replace/replace.h | 2 + lib/util/tests/tfork.c | 1 - librpc/idl/messaging.idl | 1 + nsswitch/winbind_nss.h | 6 ++ nsswitch/winbind_nss_freebsd.c | 19 ---- nsswitch/winbind_nss_linux.c | 24 +---- nsswitch/winbind_nss_linux.h | 24 ++++- nsswitch/winbind_nss_netbsd.c | 26 ------ nsswitch/winbind_nss_solaris.h | 26 ------ nsswitch/wins.c | 2 +- source3/modules/vfs_aixacl2.c | 5 +- source3/modules/vfs_virusfilter.c | 5 +- source3/modules/vfs_virusfilter_utils.c | 43 +++++---- source3/passdb/machine_account_secrets.c | 2 +- source3/utils/destroy_netlogon_creds_cli.c | 137 +++++++++++++++++++++++++++ source3/utils/smbcontrol.c | 14 +++ source3/utils/wscript_build | 9 ++ source3/winbindd/winbindd.c | 4 + source3/winbindd/winbindd_cm.c | 18 +++- source3/winbindd/winbindd_dual.c | 21 ++++- source3/winbindd/winbindd_dual_srv.c | 144 ++++++++++++++++++----------- source3/winbindd/winbindd_proto.h | 15 +++ source3/winbindd/winbindd_reconnect.c | 8 +- source3/winbindd/winbindd_reconnect_ads.c | 58 ++++++++++-- 26 files changed, 434 insertions(+), 198 deletions(-) create mode 100644 source3/utils/destroy_netlogon_creds_cli.c Changeset truncated at 500 lines: diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c index d16d715..4ff019a 100644 --- a/lib/crypto/aes.c +++ b/lib/crypto/aes.c @@ -236,18 +236,20 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) { if (has_intel_aes_instructions()) { - return AES_encrypt_aesni(in, out, key); + AES_encrypt_aesni(in, out, key); + return; } - return AES_encrypt_rj(in, out, key); + AES_encrypt_rj(in, out, key); } void AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) { if (has_intel_aes_instructions()) { - return AES_decrypt_aesni(in, out, key); + AES_decrypt_aesni(in, out, key); + return; } - return AES_decrypt_rj(in, out, key); + AES_decrypt_rj(in, out, key); } #endif /* SAMBA_RIJNDAEL */ diff --git a/lib/ldb/tests/ldb_mod_op_test.c b/lib/ldb/tests/ldb_mod_op_test.c index 766ca79..0f8642d 100644 --- a/lib/ldb/tests/ldb_mod_op_test.c +++ b/lib/ldb/tests/ldb_mod_op_test.c @@ -1914,22 +1914,22 @@ static void test_ldb_modify_during_search(void **state, bool add_index, static void test_ldb_modify_during_indexed_search(void **state) { - return test_ldb_modify_during_search(state, true, false); + test_ldb_modify_during_search(state, true, false); } static void test_ldb_modify_during_unindexed_search(void **state) { - return test_ldb_modify_during_search(state, false, false); + test_ldb_modify_during_search(state, false, false); } static void test_ldb_rename_during_indexed_search(void **state) { - return test_ldb_modify_during_search(state, true, true); + test_ldb_modify_during_search(state, true, true); } static void test_ldb_rename_during_unindexed_search(void **state) { - return test_ldb_modify_during_search(state, false, true); + test_ldb_modify_during_search(state, false, true); } /* diff --git a/lib/replace/replace.h b/lib/replace/replace.h index 128978c..3304cda 100644 --- a/lib/replace/replace.h +++ b/lib/replace/replace.h @@ -691,10 +691,12 @@ typedef int bool; #if !defined(HAVE_INTPTR_T) typedef long long intptr_t ; +#define __intptr_t_defined #endif #if !defined(HAVE_UINTPTR_T) typedef unsigned long long uintptr_t ; +#define __uintptr_t_defined #endif #if !defined(HAVE_PTRDIFF_T) diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c index bf642fe..9bcdc2f 100644 --- a/lib/util/tests/tfork.c +++ b/lib/util/tests/tfork.c @@ -32,7 +32,6 @@ #include "lib/util/sys_rw.h" #ifdef HAVE_PTHREAD #include <pthread.h> -#include <sys/syscall.h> #endif static bool test_tfork_simple(struct torture_context *tctx) diff --git a/librpc/idl/messaging.idl b/librpc/idl/messaging.idl index b35f1e1..4bce820 100644 --- a/librpc/idl/messaging.idl +++ b/librpc/idl/messaging.idl @@ -124,6 +124,7 @@ interface messaging MSG_WINBIND_DOMAIN_ONLINE = 0x040B, MSG_WINBIND_DOMAIN_OFFLINE = 0x040C, MSG_WINBIND_RELOAD_TRUSTED_DOMAINS = 0x040D, + MSG_WINBIND_DISCONNECT_DC = 0x040E, /* event messages */ MSG_DUMP_EVENT_LIST = 0x0500, diff --git a/nsswitch/winbind_nss.h b/nsswitch/winbind_nss.h index 05e07ad..e98a961 100644 --- a/nsswitch/winbind_nss.h +++ b/nsswitch/winbind_nss.h @@ -30,6 +30,7 @@ */ #include "nsswitch/winbind_nss_solaris.h" +#include "nsswitch/winbind_nss_linux.h" #elif HAVE_NSS_H @@ -37,6 +38,10 @@ * Linux (glibc) */ +#include <nss.h> + +typedef enum nss_status NSS_STATUS; + #include "nsswitch/winbind_nss_linux.h" #elif HAVE_NS_API_H @@ -60,6 +65,7 @@ */ #include "nsswitch/winbind_nss_netbsd.h" +#include "nsswitch/winbind_nss_linux.h" #else /* Nothing's defined. Neither gnu nor netbsd nor sun nor hp */ diff --git a/nsswitch/winbind_nss_freebsd.c b/nsswitch/winbind_nss_freebsd.c index e283872..f424adb 100644 --- a/nsswitch/winbind_nss_freebsd.c +++ b/nsswitch/winbind_nss_freebsd.c @@ -24,25 +24,6 @@ #include "winbind_client.h" /* Make sure that the module gets registered needed by freebsd 5.1 */ -extern enum nss_status _nss_winbind_getgrent_r(struct group *, char *, size_t, - int *); -extern enum nss_status _nss_winbind_getgrnam_r(const char *, struct group *, - char *, size_t, int *); -extern enum nss_status _nss_winbind_getgrgid_r(gid_t gid, struct group *, char *, - size_t, int *); -extern enum nss_status _nss_winbind_setgrent(void); -extern enum nss_status _nss_winbind_endgrent(void); -extern enum nss_status _nss_winbind_initgroups_dyn(char *, gid_t, long int *, - long int *, gid_t **, long int , int *); - -extern enum nss_status _nss_winbind_getpwent_r(struct passwd *, char *, size_t, - int *); -extern enum nss_status _nss_winbind_getpwnam_r(const char *, struct passwd *, - char *, size_t, int *); -extern enum nss_status _nss_winbind_getpwuid_r(gid_t gid, struct passwd *, char *, - size_t, int *); -extern enum nss_status _nss_winbind_setpwent(void); -extern enum nss_status _nss_winbind_endpwent(void); ns_mtab *nss_module_register(const char *, unsigned int *, nss_module_unregister_fn *); NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c index b5c50ef..442c06e 100644 --- a/nsswitch/winbind_nss_linux.c +++ b/nsswitch/winbind_nss_linux.c @@ -36,28 +36,6 @@ static pthread_mutex_t winbind_nss_mutex = PTHREAD_MUTEX_INITIALIZER; #define MAX_GETPWENT_USERS 250 #define MAX_GETGRENT_USERS 250 -NSS_STATUS _nss_winbind_setpwent(void); -NSS_STATUS _nss_winbind_endpwent(void); -NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, - char *buffer, size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, - char *buffer, size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_setgrent(void); -NSS_STATUS _nss_winbind_endgrent(void); -NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result, - char *buffer, size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, - long int *size, gid_t **groups, - long int limit, int *errnop); - /************************************************************************* ************************************************************************/ @@ -1046,7 +1024,7 @@ _nss_winbind_getgrgid_r(gid_t gid, /* Initialise supplementary groups */ NSS_STATUS -_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, +_nss_winbind_initgroups_dyn(const char *user, gid_t group, long int *start, long int *size, gid_t **groups, long int limit, int *errnop) { diff --git a/nsswitch/winbind_nss_linux.h b/nsswitch/winbind_nss_linux.h index db5a378..d18799e 100644 --- a/nsswitch/winbind_nss_linux.h +++ b/nsswitch/winbind_nss_linux.h @@ -22,8 +22,26 @@ #ifndef _WINBIND_NSS_LINUX_H #define _WINBIND_NSS_LINUX_H -#include <nss.h> - -typedef enum nss_status NSS_STATUS; +NSS_STATUS _nss_winbind_setpwent(void); +NSS_STATUS _nss_winbind_endpwent(void); +NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer, + size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, + char *buffer, size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, + char *buffer, size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_setgrent(void); +NSS_STATUS _nss_winbind_endgrent(void); +NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer, + size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer, + size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result, + char *buffer, size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, + size_t buflen, int *errnop); +NSS_STATUS _nss_winbind_initgroups_dyn(const char *user, gid_t group, long int *start, + long int *size, gid_t **groups, + long int limit, int *errnop); #endif /* _WINBIND_NSS_LINUX_H */ diff --git a/nsswitch/winbind_nss_netbsd.c b/nsswitch/winbind_nss_netbsd.c index d3a558c..4edf64c 100644 --- a/nsswitch/winbind_nss_netbsd.c +++ b/nsswitch/winbind_nss_netbsd.c @@ -38,32 +38,6 @@ static struct group _winbind_group; static char _winbind_groupbuf[1024]; -/* - * We need a proper prototype for this :-) - */ - -NSS_STATUS _nss_winbind_setpwent(void); -NSS_STATUS _nss_winbind_endpwent(void); -NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, - char *buffer, size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, - char *buffer, size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_setgrent(void); -NSS_STATUS _nss_winbind_endgrent(void); -NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result, - char *buffer, size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, - long int *size, gid_t **groups, - long int limit, int *errnop); - int netbsdwinbind_endgrent(void *nsrv, void *nscb, va_list ap) { diff --git a/nsswitch/winbind_nss_solaris.h b/nsswitch/winbind_nss_solaris.h index f0cc099..8e26d0d 100644 --- a/nsswitch/winbind_nss_solaris.h +++ b/nsswitch/winbind_nss_solaris.h @@ -34,30 +34,4 @@ typedef nss_status_t NSS_STATUS; #define NSS_STATUS_UNAVAIL NSS_UNAVAIL #define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN -/* The solaris winbind is implemented as a wrapper around the linux - version. */ - -NSS_STATUS _nss_winbind_setpwent(void); -NSS_STATUS _nss_winbind_endpwent(void); -NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer, - size_t buflen, int* errnop); -NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer, - size_t buflen, int* errnop); -NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result, - char* buffer, size_t buflen, int* errnop); - -NSS_STATUS _nss_winbind_setgrent(void); -NSS_STATUS _nss_winbind_endgrent(void); -NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer, - size_t buflen, int* errnop); -NSS_STATUS _nss_winbind_getgrnam_r(const char *name, - struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, - struct group *result, char *buffer, - size_t buflen, int *errnop); -NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, - long int *size, gid_t **groups, - long int limit, int *errnop); - #endif /* _WINBIND_NSS_SOLARIS_H */ diff --git a/nsswitch/wins.c b/nsswitch/wins.c index 19d3c5b..72055f0 100644 --- a/nsswitch/wins.c +++ b/nsswitch/wins.c @@ -19,7 +19,7 @@ */ #include "includes.h" -#include "nsswitch/winbind_nss.h" +#include "nsswitch/winbind_client.h" #include "nsswitch/libwbclient/wbclient.h" #ifdef HAVE_NS_API_H diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index d0cd2c1..e094be1 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -476,7 +476,8 @@ int aixjfs2_sys_acl_set_file(vfs_handle_struct *handle, acl_type_t acl_type_info; int rc; - DEBUG(10, ("aixjfs2_sys_acl_set_file invoked for %s", name)); + DEBUG(10, ("aixjfs2_sys_acl_set_file invoked for %s", + smb_fname->base_name)); rc = aixjfs2_query_acl_support((char *)smb_fname->base_name, ACL_AIXC, &acl_type_info); @@ -490,7 +491,7 @@ int aixjfs2_sys_acl_set_file(vfs_handle_struct *handle, return -1; rc = aclx_put( - (char *)name, + (char *)smb_fname->base_name, SET_ACL, /* set only the ACL, not mode bits */ acl_type_info, acl_aixc, diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c index 571073f..7ae5a96 100644 --- a/source3/modules/vfs_virusfilter.c +++ b/source3/modules/vfs_virusfilter.c @@ -275,8 +275,9 @@ static int virusfilter_vfs_connect( temp_quarantine_dir_mode = lp_parm_const_string( snum, "virusfilter", "quarantine directory mode", "0755"); if (temp_quarantine_dir_mode != NULL) { - sscanf(temp_quarantine_dir_mode, "%o", - &config->quarantine_dir_mode); + unsigned int mode = 0; + sscanf(temp_quarantine_dir_mode, "%o", &mode); + config->quarantine_dir_mode = mode; } config->quarantine_prefix = lp_parm_const_string( diff --git a/source3/modules/vfs_virusfilter_utils.c b/source3/modules/vfs_virusfilter_utils.c index 628e0ae..f56fc6e 100644 --- a/source3/modules/vfs_virusfilter_utils.c +++ b/source3/modules/vfs_virusfilter_utils.c @@ -147,11 +147,18 @@ bool virusfilter_io_connect_path( { struct sockaddr_un addr; NTSTATUS status; - int socket, bes_result, flags, ret; + int socket, ret; + size_t len; + bool ok; ZERO_STRUCT(addr); addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, path, sizeof(addr.sun_path)); + + len = strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); + if (len >= sizeof(addr.sun_path)) { + io_h->stream = NULL; + return false; + } status = open_socket_out((struct sockaddr_storage *)&addr, 0, io_h->connect_timeout, @@ -162,23 +169,23 @@ bool virusfilter_io_connect_path( } /* We must not block */ - flags = fcntl(socket, F_GETFL); - if (flags <= 0) { - /* Handle error by ignoring */; - flags = 0; - DBG_WARNING("Could not get flags on socket (%s).\n", - strerror(errno)); - } - flags |= SOCK_NONBLOCK; - ret = fcntl(socket, F_SETFL, flags); + ret = set_blocking(socket, false); if (ret == -1) { - /* Handle error by ignoring for now */ - DBG_WARNING("Could not set flags on socket: %s.\n", - strerror(errno)); + close(socket); + io_h->stream = NULL; + return false; } - bes_result = tstream_bsd_existing_socket(io_h, socket, &io_h->stream); - if (bes_result < 0) { + ok = smb_set_close_on_exec(socket); + if (!ok) { + close(socket); + io_h->stream = NULL; + return false; + } + + ret = tstream_bsd_existing_socket(io_h, socket, &io_h->stream); + if (ret == -1) { + close(socket); DBG_ERR("Could not convert socket to tstream: %s.\n", strerror(errno)); io_h->stream = NULL; @@ -389,7 +396,7 @@ bool virusfilter_io_writefl( { va_list ap; char data[VIRUSFILTER_IO_BUFFER_SIZE + VIRUSFILTER_IO_EOL_SIZE]; - size_t data_size; + int data_size; va_start(ap, data_fmt); data_size = vsnprintf(data, VIRUSFILTER_IO_BUFFER_SIZE, data_fmt, ap); @@ -411,7 +418,7 @@ bool virusfilter_io_vwritefl( const char *data_fmt, va_list ap) { char data[VIRUSFILTER_IO_BUFFER_SIZE + VIRUSFILTER_IO_EOL_SIZE]; - size_t data_size; + int data_size; data_size = vsnprintf(data, VIRUSFILTER_IO_BUFFER_SIZE, data_fmt, ap); diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index 40511f9..94a7e21 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -1317,7 +1317,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain, last_set_time = secrets_fetch_pass_last_set_time(domain); if (last_set_time == 0) { - return NT_STATUS_OK; + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } unix_to_nt_time(&last_set_nt, last_set_time); diff --git a/source3/utils/destroy_netlogon_creds_cli.c b/source3/utils/destroy_netlogon_creds_cli.c new file mode 100644 index 0000000..137ac83 --- /dev/null +++ b/source3/utils/destroy_netlogon_creds_cli.c @@ -0,0 +1,137 @@ +/* + * Unix SMB/CIFS implementation. + * Garble the netlogon_creds_cli key for testing purposes + * Copyright (C) Volker Lendecke 2018 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "includes.h" +#include "system/filesys.h" +#include <talloc.h> +#include <tevent.h> +#include "messages.h" +#include "lib/util/talloc_stack.h" +#include "popt_common.h" +#include "lib/param/loadparm.h" +#include "lib/param/param.h" +#include "libcli/auth/netlogon_creds_cli.h" +#include "lib/dbwrap/dbwrap.h" +#include "lib/dbwrap/dbwrap_open.h" + +int main(int argc, const char *argv[]) +{ + TALLOC_CTX *mem_ctx = talloc_stackframe(); + struct tevent_context *ev; + struct messaging_context *msg_ctx; + struct loadparm_context *lp_ctx; -- Samba Shared Repository