The branch, master has been updated via 7f6f4777b40 third_party: Update pam_wrapper to version 1.1.4 via 6ed71ad7e6a lib: handle NTTIME_THAW in nt_time_to_full_timespec() via 0659069f829 torture: add a test for NTTIME_FREEZE and NTTIME_THAW via 194faa76161 lib: add a test for null_nttime(NTTIME_THAW) via 5503bde93bd lib: update null_nttime() of -1: -1 is NTTIME_FREEZE via e2740e4868f lib: use NTTIME_FREEZE in a null_nttime() test via d84779302cc lib: fix null_nttime() tests via f73aff502ca lib: add NTTIME_THAW from 16d43ccfddf lib:cmdline: Fix -k option which doesn't expect anything
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7f6f4777b4081dbfcd875bf6dcbbab03a1fa413d Author: Andreas Schneider <a...@cryptomilk.org> Date: Thu Oct 28 10:50:30 2021 +0200 third_party: Update pam_wrapper to version 1.1.4 Signed-off-by: Andreas Schneider <a...@cryptomilk.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Thu Oct 28 19:03:04 UTC 2021 on sn-devel-184 commit 6ed71ad7e6aa98a34cfde95d7d62c46694d58469 Author: Ralph Boehme <s...@samba.org> Date: Tue Oct 5 15:10:33 2021 +0200 lib: handle NTTIME_THAW in nt_time_to_full_timespec() Preliminary handling of NTTIME_THAW to avoid NTTIME_THAW is passed as some mangled value down to the VFS set timestamps function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 RN: Avoid storing NTTIME_THAW (-2) as value on disk Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 0659069f8292996be475d407b53d161aa3f35554 Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 28 12:55:39 2021 +0200 torture: add a test for NTTIME_FREEZE and NTTIME_THAW BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 194faa76161a12ae1eae2b471d6f159d97ef75a8 Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 28 10:18:54 2021 +0200 lib: add a test for null_nttime(NTTIME_THAW) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 5503bde93bddf3634b183e665773399c110251d4 Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 28 10:18:17 2021 +0200 lib: update null_nttime() of -1: -1 is NTTIME_FREEZE NTTIME_FREEZE is not a nil sentinel value, instead it implies special, yet unimplemented semantics. Callers must deal with those values specifically and null_nttime() must not lie about their nature. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e2740e4868f2a49877a86a8666d26226b5657317 Author: Ralph Boehme <s...@samba.org> Date: Thu Oct 28 10:17:01 2021 +0200 lib: use NTTIME_FREEZE in a null_nttime() test No change in behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d84779302cc54a7b84c05ccc458e04b27fd142f4 Author: Ralph Boehme <s...@samba.org> Date: Wed Oct 27 17:02:48 2021 +0200 lib: fix null_nttime() tests The test was checking -1 twice: torture_assert(tctx, null_nttime(-1), "-1"); torture_assert(tctx, null_nttime(-1), "-1"); The first line was likely supposed to test the value "0". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit f73aff502cadabb7fe6b94a697f0a2256d1d4aca Author: Ralph Boehme <s...@samba.org> Date: Tue Oct 5 15:10:10 2021 +0200 lib: add NTTIME_THAW BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_third_party.py | 2 +- lib/util/tests/time.c | 5 +- lib/util/time.c | 8 +- lib/util/time.h | 1 + source4/torture/smb2/timestamps.c | 208 +++++++++++++++++++++++++++++ third_party/pam_wrapper/libpamtest.c | 19 ++- third_party/pam_wrapper/libpamtest.h | 30 +++-- third_party/pam_wrapper/pam_wrapper.c | 142 +++----------------- third_party/pam_wrapper/python/pypamtest.c | 192 ++++++++++++++++++++++++-- third_party/pam_wrapper/wscript | 7 +- 10 files changed, 447 insertions(+), 167 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py index 1c027cb6870..f046ebc96da 100644 --- a/buildtools/wafsamba/samba_third_party.py +++ b/buildtools/wafsamba/samba_third_party.py @@ -44,5 +44,5 @@ Build.BuildContext.CHECK_UID_WRAPPER = CHECK_UID_WRAPPER @conf def CHECK_PAM_WRAPPER(conf): - return conf.CHECK_BUNDLED_SYSTEM_PKG('pam_wrapper', minversion='1.1.2') + return conf.CHECK_BUNDLED_SYSTEM_PKG('pam_wrapper', minversion='1.1.4') Build.BuildContext.CHECK_PAM_WRAPPER = CHECK_PAM_WRAPPER diff --git a/lib/util/tests/time.c b/lib/util/tests/time.c index 039f7f4ccf8..ec27f567a71 100644 --- a/lib/util/tests/time.c +++ b/lib/util/tests/time.c @@ -34,8 +34,9 @@ static bool test_null_time(struct torture_context *tctx) static bool test_null_nttime(struct torture_context *tctx) { - torture_assert(tctx, null_nttime(-1), "-1"); - torture_assert(tctx, null_nttime(-1), "-1"); + torture_assert(tctx, null_nttime(0), "0"); + torture_assert(tctx, !null_nttime(NTTIME_FREEZE), "-1"); + torture_assert(tctx, !null_nttime(NTTIME_THAW), "-2"); torture_assert(tctx, !null_nttime(42), "42"); return true; } diff --git a/lib/util/time.c b/lib/util/time.c index 53bf194fe0b..cec91c14791 100644 --- a/lib/util/time.c +++ b/lib/util/time.c @@ -178,7 +178,7 @@ check if it's a null NTTIME **/ _PUBLIC_ bool null_nttime(NTTIME t) { - return t == 0 || t == (NTTIME)-1; + return t == 0; } /******************************************************************* @@ -1128,10 +1128,10 @@ struct timespec nt_time_to_full_timespec(NTTIME nt) if (nt == NTTIME_OMIT) { return make_omit_timespec(); } - if (nt == NTTIME_FREEZE) { + if (nt == NTTIME_FREEZE || nt == NTTIME_THAW) { /* - * This should be returned as SAMBA_UTIME_FREEZE in the - * future. + * This should be returned as SAMBA_UTIME_FREEZE or + * SAMBA_UTIME_THAW in the future. */ return make_omit_timespec(); } diff --git a/lib/util/time.h b/lib/util/time.h index 6726f39c7cc..72347b39b99 100644 --- a/lib/util/time.h +++ b/lib/util/time.h @@ -63,6 +63,7 @@ * implement this yet. */ #define NTTIME_FREEZE UINT64_MAX +#define NTTIME_THAW (UINT64_MAX - 1) #define SAMBA_UTIME_NOW UTIME_NOW #define SAMBA_UTIME_OMIT UTIME_OMIT diff --git a/source4/torture/smb2/timestamps.c b/source4/torture/smb2/timestamps.c index c37e81d2adc..0e3f0c0ab69 100644 --- a/source4/torture/smb2/timestamps.c +++ b/source4/torture/smb2/timestamps.c @@ -352,6 +352,213 @@ static bool test_time_t_1968(struct torture_context *tctx, -63158400 /* 1968 */); } +static bool test_freeze_thaw(struct torture_context *tctx, + struct smb2_tree *tree) +{ + const char *filename = BASEDIR "\\test_freeze_thaw"; + struct smb2_create cr; + struct smb2_handle handle = {{0}}; + struct smb2_handle testdirh = {{0}}; + struct timespec ts = { .tv_sec = time(NULL) }; + uint64_t nttime; + union smb_fileinfo gi; + union smb_setfileinfo si; + NTSTATUS status; + bool ret = true; + + smb2_deltree(tree, BASEDIR); + + status = torture_smb2_testdir(tree, BASEDIR, &testdirh); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "torture_smb2_testdir failed\n"); + + cr = (struct smb2_create) { + .in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.create_disposition = NTCREATEX_DISP_OPEN_IF, + .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS, + .in.fname = filename, + }; + + status = smb2_create(tree, tctx, &cr); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed\n"); + handle = cr.out.file.handle; + + si = (union smb_setfileinfo) { + .basic_info.level = RAW_SFILEINFO_BASIC_INFORMATION, + .basic_info.in.file.handle = handle, + }; + + /* + * Step 1: + * First set timestamps of testfile to current time + */ + + nttime = full_timespec_to_nt_time(&ts); + si.basic_info.in.create_time = nttime; + si.basic_info.in.write_time = nttime; + si.basic_info.in.change_time = nttime; + + status = smb2_setinfo_file(tree, &si); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_setinfo_file failed\n"); + + gi = (union smb_fileinfo) { + .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, + .generic.in.file.handle = handle, + }; + + /* + * Step 2: + * Verify timestamps are indeed set to the value in "nttime". + */ + + status = smb2_getinfo_file(tree, tctx, &gi); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed\n"); + + torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n", + nt_time_string(tctx, gi.basic_info.out.create_time), + nt_time_string(tctx, gi.basic_info.out.write_time), + nt_time_string(tctx, gi.basic_info.out.change_time)); + + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.create_time, + ret, done, + "Wrong create time\n"); + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.write_time, + ret, done, + "Wrong write time\n"); + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.change_time, + ret, done, + "Wrong change time\n"); + + /* + * Step 3: + * First set timestamps with NTTIME_FREEZE, must not change any + * timestamp value. + */ + + si.basic_info.in.create_time = NTTIME_FREEZE; + si.basic_info.in.write_time = NTTIME_FREEZE; + si.basic_info.in.change_time = NTTIME_FREEZE; + + status = smb2_setinfo_file(tree, &si); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_setinfo_file failed\n"); + + gi = (union smb_fileinfo) { + .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, + .generic.in.file.handle = handle, + }; + + /* + * Step 4: + * Verify timestamps are unmodified from step 2. + */ + + gi = (union smb_fileinfo) { + .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, + .generic.in.file.handle = handle, + }; + + status = smb2_getinfo_file(tree, tctx, &gi); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed\n"); + + torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n", + nt_time_string(tctx, gi.basic_info.out.create_time), + nt_time_string(tctx, gi.basic_info.out.write_time), + nt_time_string(tctx, gi.basic_info.out.change_time)); + + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.create_time, + ret, done, + "Wrong create time\n"); + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.write_time, + ret, done, + "Wrong write time\n"); + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.change_time, + ret, done, + "Wrong change time\n"); + + /* + * Step 5: + * First set timestamps with NTTIME_THAW, must not change any timestamp + * value. + */ + + si.basic_info.in.create_time = NTTIME_THAW; + si.basic_info.in.write_time = NTTIME_THAW; + si.basic_info.in.change_time = NTTIME_THAW; + + status = smb2_setinfo_file(tree, &si); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_setinfo_file failed\n"); + + gi = (union smb_fileinfo) { + .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, + .generic.in.file.handle = handle, + }; + + /* + * Step 6: + * Verify timestamps are unmodified from step 2. + */ + + gi = (union smb_fileinfo) { + .generic.level = SMB_QFILEINFO_BASIC_INFORMATION, + .generic.in.file.handle = handle, + }; + + status = smb2_getinfo_file(tree, tctx, &gi); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_getinfo_file failed\n"); + + torture_comment(tctx, "Got: create: %s, write: %s, change: %s\n", + nt_time_string(tctx, gi.basic_info.out.create_time), + nt_time_string(tctx, gi.basic_info.out.write_time), + nt_time_string(tctx, gi.basic_info.out.change_time)); + + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.create_time, + ret, done, + "Wrong create time\n"); + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.write_time, + ret, done, + "Wrong write time\n"); + torture_assert_u64_equal_goto(tctx, + nttime, + gi.basic_info.out.change_time, + ret, done, + "Wrong change time\n"); + +done: + if (!smb2_util_handle_empty(handle)) { + smb2_util_close(tree, handle); + } + if (!smb2_util_handle_empty(testdirh)) { + smb2_util_close(tree, testdirh); + } + smb2_deltree(tree, BASEDIR); + return ret; +} + static bool test_delayed_write_vs_seteof(struct torture_context *tctx, struct smb2_tree *tree) { @@ -980,6 +1187,7 @@ struct torture_suite *torture_smb2_timestamps_init(TALLOC_CTX *ctx) torture_suite_add_1smb2_test(suite, "time_t_-1", test_time_t_minus_1); torture_suite_add_1smb2_test(suite, "time_t_-2", test_time_t_minus_2); torture_suite_add_1smb2_test(suite, "time_t_1968", test_time_t_1968); + torture_suite_add_1smb2_test(suite, "freeze-thaw", test_freeze_thaw); /* * Testing of delayed write-time udpates diff --git a/third_party/pam_wrapper/libpamtest.c b/third_party/pam_wrapper/libpamtest.c index 4474736d688..6033d5a5b7e 100644 --- a/third_party/pam_wrapper/libpamtest.c +++ b/third_party/pam_wrapper/libpamtest.c @@ -66,7 +66,8 @@ enum pamtest_err _pamtest_conv(const char *service, pam_conv_fn conv_fn, void *conv_userdata, struct pam_testcase test_cases[], - size_t num_test_cases) + size_t num_test_cases, + pam_handle_t *pam_handle) { int rv; pam_handle_t *ph; @@ -82,9 +83,13 @@ enum pamtest_err _pamtest_conv(const char *service, return PAMTEST_ERR_INTERNAL; } - rv = pam_start(service, user, &conv, &ph); - if (rv != PAM_SUCCESS) { - return PAMTEST_ERR_START; + if (pam_handle == NULL) { + rv = pam_start(service, user, &conv, &ph); + if (rv != PAM_SUCCESS) { + return PAMTEST_ERR_START; + } + } else { + ph = pam_handle; } for (tcindex = 0; tcindex < num_test_cases; tcindex++) { @@ -322,7 +327,8 @@ enum pamtest_err _pamtest(const char *service, const char *user, struct pamtest_conv_data *conv_data, struct pam_testcase test_cases[], - size_t num_test_cases) + size_t num_test_cases, + pam_handle_t *pam_handle) { struct pamtest_conv_ctx cctx = { .data = conv_data, @@ -332,5 +338,6 @@ enum pamtest_err _pamtest(const char *service, pamtest_simple_conv, &cctx, test_cases, - num_test_cases); + num_test_cases, + pam_handle); } diff --git a/third_party/pam_wrapper/libpamtest.h b/third_party/pam_wrapper/libpamtest.h index 0307a2663af..4b4a50ecd56 100644 --- a/third_party/pam_wrapper/libpamtest.h +++ b/third_party/pam_wrapper/libpamtest.h @@ -19,6 +19,7 @@ #ifndef __LIBPAMTEST_H_ #define __LIBPAMTEST_H_ +#include <stddef.h> #include <stdint.h> #include <security/pam_appl.h> @@ -128,12 +129,11 @@ struct pamtest_conv_data { * an index internally. */ const char **in_echo_on; - - /** Captures messages through PAM_TEXT_INFO. The test caller is + /** Captures messages through PAM_ERROR_MSG. The test caller is * responsible for allocating enough space in the array. */ char **out_err; - /** Captures messages through PAM_ERROR_MSG. The test caller is + /** Captures messages through PAM_TEXT_INFO. The test caller is * responsible for allocating enough space in the array. */ char **out_info; @@ -156,6 +156,8 @@ struct pamtest_conv_data { * @param[in] test_cases List of libpamtest test cases. Must end with * PAMTEST_CASE_SENTINEL * + * @param[in] pam_handle The PAM handle to use to run the tests + * * @code * int main(void) { * int rc; @@ -175,10 +177,11 @@ enum pamtest_err run_pamtest_conv(const char *service, const char *user, pam_conv_fn conv_fn, void *conv_userdata, - struct pam_testcase test_cases[]); + struct pam_testcase test_cases[], + pam_handle_t *pam_handle); #else -#define run_pamtest_conv(service, user, conv_fn, conv_data, test_cases) \ - _pamtest_conv(service, user, conv_fn, conv_data, test_cases, sizeof(test_cases)/sizeof(test_cases[0]) +#define run_pamtest_conv(service, user, conv_fn, conv_data, test_cases, pam_handle) \ + _pamtest_conv(service, user, conv_fn, conv_data, test_cases, sizeof(test_cases)/sizeof(test_cases[0], pam_handle) #endif #ifdef DOXYGEN @@ -196,6 +199,8 @@ enum pamtest_err run_pamtest_conv(const char *service, * @param[in] test_cases List of libpamtest test cases. Must end with * PAMTEST_CASE_SENTINEL * + * @param[in] pam_handle The PAM handle to use to run the tests + * * @code * int main(void) { * int rc; @@ -214,10 +219,11 @@ enum pamtest_err run_pamtest_conv(const char *service, enum pamtest_err run_pamtest(const char *service, const char *user, struct pamtest_conv_data *conv_data, - struct pam_testcase test_cases[]); + struct pam_testcase test_cases[], + pam_handle_t *pam_handle); #else -#define run_pamtest(service, user, conv_data, test_cases) \ - _pamtest(service, user, conv_data, test_cases, sizeof(test_cases)/sizeof(test_cases[0])) +#define run_pamtest(service, user, conv_data, test_cases, pam_handle) \ + _pamtest(service, user, conv_data, test_cases, sizeof(test_cases)/sizeof(test_cases[0]), pam_handle) #endif #ifdef DOXYGEN @@ -262,13 +268,15 @@ enum pamtest_err _pamtest_conv(const char *service, pam_conv_fn conv_fn, void *conv_userdata, struct pam_testcase test_cases[], - size_t num_test_cases); + size_t num_test_cases, + pam_handle_t *pam_handle); enum pamtest_err _pamtest(const char *service, const char *user, struct pamtest_conv_data *conv_data, struct pam_testcase test_cases[], - size_t num_test_cases); + size_t num_test_cases, + pam_handle_t *pam_handle); const struct pam_testcase *_pamtest_failed_case(struct pam_testcase test_cases[], size_t num_test_cases); diff --git a/third_party/pam_wrapper/pam_wrapper.c b/third_party/pam_wrapper/pam_wrapper.c index dd69c43f021..da2c7381656 100644 --- a/third_party/pam_wrapper/pam_wrapper.c +++ b/third_party/pam_wrapper/pam_wrapper.c @@ -311,7 +311,14 @@ static struct pwrap pwrap; *********************************************************/ bool pam_wrapper_enabled(void); +#if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT) +/* xlC and other oldschool compilers support (only) this */ +#pragma init (pwrap_constructor) +#endif void pwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE; +#if ! defined(HAVE_DESTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_FINI) +#pragma fini (pwrap_destructor) +#endif void pwrap_destructor(void) DESTRUCTOR_ATTRIBUTE; /********************************************************* @@ -784,14 +791,20 @@ static void pwrap_clean_stale_dirs(const char *dir) buf[sizeof(buf) - 1] = '\0'; tmp = strtol(buf, NULL, 10); - if (tmp == 0 || tmp > 0xFFFF || errno == ERANGE) { + if (tmp == 0 || errno == ERANGE) { PWRAP_LOG(PWRAP_LOG_ERROR, "Failed to parse pid, buf=%s", buf); return; } - pid = (pid_t)(tmp & 0xFFFF); + pid = (pid_t)tmp; + /* Check if we are out of pid_t range on this system */ + if ((long)pid != tmp) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "pid out of range: %ld", tmp); + return; + } rc = kill(pid, 0); if (rc == -1) { @@ -935,130 +948,6 @@ static void pwrap_init(void) #else /* HAVE_PAM_START_CONFDIR */ -#ifdef HAVE_PAM_MODUTIL_SEARCH_KEY -/* - * This is needed to workaround Tumbleweed which packages a libpam git version. - */ -static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t mode) -{ -#define PSO_COPY_READ_SIZE 16 - int srcfd = -1; - int dstfd = -1; - int rc = -1; - ssize_t bread, bwritten; - struct stat sb; - char buf[PSO_COPY_READ_SIZE + 1]; - size_t pso_copy_read_size = PSO_COPY_READ_SIZE; - int cmp; - size_t to_read; - bool found_slash; - - cmp = strcmp(src, dst); - if (cmp == 0) { -- Samba Shared Repository