The branch, v4-15-test has been updated
via bab52ff3bf8 blackbox.ndrdump: fix
test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
via c0795f1a634 librpc/ndr: let ndr_push_string() let s_len == 0 result
in d_len = 0
via cb7e6f0e7fb s4:torture/ndr: demonstrate the
ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
via 3fcc39542da blackbox.ndrdump: adjust example files to the usage of
dump_data_diff output.
via 318266fcedb ndrdump: make use of dump_data_file_diff() in order to
show differences
via 205ebe24389 lib/util: add dump_data_diff*() helpers
via 4a6c8349c39 blackbox.ndrdump: adjust example files to changed
dump_data() output.
via 85c3f4ad396 lib/util: split out a dump_data_block16() helper
via 82799c1f86d printing/bgqd: Disable systemd notifications
via e26270cbe58 dcesrv_core: wrap gensec_*() calls in [un]become_root()
calls
from 13e621aea07 s3:libnet: Do not set ADS_AUTH_ALLOW_NTLMSSP in FIPS
mode
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test
- Log -----------------------------------------------------------------
commit bab52ff3bf88cfbacead33d6a09e851f48c81004
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jan 21 20:42:45 2022 +0100
blackbox.ndrdump: fix
test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.
This is fixed now and we no longer expect ndrdump to exit with 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
(cherry picked from commit 12464bd4c222d996aac6d6250b7945d63f20f4bc)
Autobuild-User(v4-15-test): Jule Anger <jan...@samba.org>
Autobuild-Date(v4-15-test): Sun Jan 30 11:18:59 UTC 2022 on sn-devel-184
commit c0795f1a6348048c849b853c5c6e0cbc7b002daa
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 3 13:57:50 2021 +0100
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.
But for NDR we need to be correct on the wire...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 43648e95a514020da4c7efa62df55d0882e3db85)
commit cb7e6f0e7fbaa944412d167adbe06fb6057cb370
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jan 21 01:09:23 2022 +0100
s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of ""
is wrong
convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).
For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 8da26cb6725b5d853ab481a348a3a672966715b5)
commit 3fcc39542dabcced640f25898fe6e96f8d6fa735
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jan 21 20:28:59 2022 +0100
blackbox.ndrdump: adjust example files to the usage of dump_data_diff
output.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 1dc385cb648f0c37b04f4ede6b1c96916e379b23)
commit 318266fcedb1ddd20725e92207e681a31bd6537b
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 3 13:32:48 2021 +0100
ndrdump: make use of dump_data_file_diff() in order to show differences
This makes it much easier to detect differences in the given and
generated buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit d1a7f392a8ceef111a5d6c3d2a3bdb9dcb90db5e)
commit 205ebe243895ed3f64b50887f00ca418134e17d8
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 3 11:40:13 2021 +0100
lib/util: add dump_data_diff*() helpers
That will make it easy to see the difference
between two memory buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit b489b7feda19b3c0f0fe2300f2c76d416776355b)
commit 4a6c8349c39eda9fa39ee3e7eb33ace37d391bad
Author: Stefan Metzmacher <me...@samba.org>
Date: Fri Jan 21 20:06:40 2022 +0100
blackbox.ndrdump: adjust example files to changed dump_data() output.
The cleanup using dump_data_block16() fixed the space handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 9110a8854a518befa2908c26076e17a085c5ec48)
commit 85c3f4ad396b5c0bc2923c3e4dc8a91e0bb8cf7f
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Nov 3 11:05:52 2021 +0100
lib/util: split out a dump_data_block16() helper
This simplifies the logic a lot for me.
It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 58b09e107cadd7fb8191822d4e7e42657b1ed4c7)
commit 82799c1f86d966be47bc7de29e8c7f0cd574b7c9
Author: FeRD (Frank Dana) <ferd...@gmail.com>
Date: Mon Jan 24 22:14:31 2022 -0500
printing/bgqd: Disable systemd notifications
samba-bgqd daemon is started by existing Samba daemons. When running
under systemd, those daemons control systemd notifications and
samba-bgqd messages need to be silenced.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14947
Signed-off-by: FeRD (Frank Dana) <ferd...@gmail.com>
Reviewed-by: Alexander Bokovoy <a...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 36c861e25b1d9c5ce44bfcb46247e7e4747930c5)
commit e26270cbe587ebd297b2b0fbece3e9c0542862d0
Author: Stefan Metzmacher <me...@samba.org>
Date: Sat Jan 22 01:08:26 2022 +0100
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 0651fa474cd68b18d8eb9bdc7c4ba5b847ba9ad9)
-----------------------------------------------------------------------
Summary of changes:
lib/util/util.c | 203 +++++++++-----
lib/util/util.h | 28 ++
librpc/ndr/ndr_string.c | 5 +-
librpc/rpc/dcesrv_auth.c | 5 +
librpc/rpc/dcesrv_core.c | 18 ++
librpc/rpc/dcesrv_core.h | 2 +
librpc/tools/ndrdump.c | 10 +
python/samba/tests/blackbox/ndrdump.py | 19 +-
source3/printing/samba-bgqd.c | 3 +
source3/rpc_server/rpc_config.c | 2 +
source3/selftest/ktest-krb5_ccache-2.txt | 4 +-
source3/selftest/ktest-krb5_ccache-3.txt | 4 +-
.../tests/dns-decode_dns_name_packet-hex.txt | 2 +-
.../librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt | 297 ++++++++++++++++++++-
.../librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt | 2 +-
.../tests/fuzzed_drsuapi_DsReplicaAttribute.txt | 31 ++-
.../tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt | 33 +++
.../tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt | 52 +++-
source4/librpc/tests/krb5pac_upn_dns_info_ex.txt | 61 +++++
.../krb5pac_upn_dns_info_ex_not_supported.txt | 69 +++++
source4/rpc_server/service_rpc.c | 10 +
source4/torture/ndr/string.c | 30 ++-
22 files changed, 798 insertions(+), 92 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/util.c b/lib/util/util.c
index 7eee60b85cd..c066406d320 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -481,6 +481,48 @@ void print_asc(int level, const uint8_t *buf,int len)
print_asc_cb(buf, len, debugadd_cb, &level);
}
+static void dump_data_block16(const char *prefix, size_t idx,
+ const uint8_t *buf, size_t len,
+ void (*cb)(const char *buf, void *private_data),
+ void *private_data)
+{
+ char tmp[16];
+ size_t i;
+
+ SMB_ASSERT(len >= 0 && len <= 16);
+
+ snprintf(tmp, sizeof(tmp), "%s[%04zX]", prefix, idx);
+ cb(tmp, private_data);
+
+ for (i=0; i<16; i++) {
+ if (i == 8) {
+ cb(" ", private_data);
+ }
+ if (i < len) {
+ snprintf(tmp, sizeof(tmp), " %02X", (int)buf[i]);
+ } else {
+ snprintf(tmp, sizeof(tmp), " ");
+ }
+ cb(tmp, private_data);
+ }
+
+ cb(" ", private_data);
+
+ if (len == 0) {
+ cb("EMPTY BLOCK\n", private_data);
+ return;
+ }
+
+ for (i=0; i<len; i++) {
+ if (i == 8) {
+ cb(" ", private_data);
+ }
+ print_asc_cb(&buf[i], 1, cb, private_data);
+ }
+
+ cb("\n", private_data);
+}
+
/**
* Write dump of binary data to a callback
*/
@@ -491,73 +533,30 @@ void dump_data_cb(const uint8_t *buf, int len,
{
int i=0;
bool skipped = false;
- char tmp[16];
if (len<=0) return;
- for (i=0;i<len;) {
-
- if (i%16 == 0) {
- if ((omit_zero_bytes == true) &&
- (i > 0) &&
- (len > i+16) &&
- all_zero(&buf[i], 16))
- {
- i +=16;
- continue;
- }
-
- if (i<len) {
- snprintf(tmp, sizeof(tmp), "[%04X] ", i);
- cb(tmp, private_data);
+ for (i=0;i<len;i+=16) {
+ size_t remaining_len = len - i;
+ size_t this_len = MIN(remaining_len, 16);
+ const uint8_t *this_buf = &buf[i];
+
+ if ((omit_zero_bytes == true) &&
+ (i > 0) && (remaining_len > 16) &&
+ (this_len == 16) && all_zero(this_buf, 16))
+ {
+ if (!skipped) {
+ cb("skipping zero buffer bytes\n",
+ private_data);
+ skipped = true;
}
+ continue;
}
- snprintf(tmp, sizeof(tmp), "%02X ", (int)buf[i]);
- cb(tmp, private_data);
- i++;
- if (i%8 == 0) {
- cb(" ", private_data);
- }
- if (i%16 == 0) {
-
- print_asc_cb(&buf[i-16], 8, cb, private_data);
- cb(" ", private_data);
- print_asc_cb(&buf[i-8], 8, cb, private_data);
- cb("\n", private_data);
-
- if ((omit_zero_bytes == true) &&
- (len > i+16) &&
- all_zero(&buf[i], 16)) {
- if (!skipped) {
- cb("skipping zero buffer bytes\n",
- private_data);
- skipped = true;
- }
- }
- }
+ skipped = false;
+ dump_data_block16("", i, this_buf, this_len,
+ cb, private_data);
}
-
- if (i%16) {
- int n;
- n = 16 - (i%16);
- cb(" ", private_data);
- if (n>8) {
- cb(" ", private_data);
- }
- while (n--) {
- cb(" ", private_data);
- }
- n = MIN(8,i%16);
- print_asc_cb(&buf[i-(i%16)], n, cb, private_data);
- cb(" ", private_data);
- n = (i%16) - n;
- if (n>0) {
- print_asc_cb(&buf[i-n], n, cb, private_data);
- }
- cb("\n", private_data);
- }
-
}
/**
@@ -615,6 +614,90 @@ void dump_data_file(const uint8_t *buf, int len, bool
omit_zero_bytes,
dump_data_cb(buf, len, omit_zero_bytes, fprintf_cb, f);
}
+/**
+ * Write dump of compared binary data to a callback
+ */
+void dump_data_diff_cb(const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2,
+ bool omit_zero_bytes,
+ void (*cb)(const char *buf, void *private_data),
+ void *private_data)
+{
+ size_t len = MAX(len1, len2);
+ size_t i;
+ bool skipped = false;
+
+ for (i=0; i<len; i+=16) {
+ size_t remaining_len = len - i;
+ size_t remaining_len1 = 0;
+ size_t this_len1 = 0;
+ const uint8_t *this_buf1 = NULL;
+ size_t remaining_len2 = 0;
+ size_t this_len2 = 0;
+ const uint8_t *this_buf2 = NULL;
+
+ if (i < len1) {
+ remaining_len1 = len1 - i;
+ this_len1 = MIN(remaining_len1, 16);
+ this_buf1 = &buf1[i];
+ }
+ if (i < len2) {
+ remaining_len2 = len2 - i;
+ this_len2 = MIN(remaining_len2, 16);
+ this_buf2 = &buf2[i];
+ }
+
+ if ((omit_zero_bytes == true) &&
+ (i > 0) && (remaining_len > 16) &&
+ (this_len1 == 16) && all_zero(this_buf1, 16) &&
+ (this_len2 == 16) && all_zero(this_buf2, 16))
+ {
+ if (!skipped) {
+ cb("skipping zero buffer bytes\n",
+ private_data);
+ skipped = true;
+ }
+ continue;
+ }
+
+ skipped = false;
+
+ if ((this_len1 == this_len2) &&
+ (memcmp(this_buf1, this_buf2, this_len1) == 0))
+ {
+ dump_data_block16(" ", i, this_buf1, this_len1,
+ cb, private_data);
+ continue;
+ }
+
+ dump_data_block16("-", i, this_buf1, this_len1,
+ cb, private_data);
+ dump_data_block16("+", i, this_buf2, this_len2,
+ cb, private_data);
+ }
+}
+
+_PUBLIC_ void dump_data_diff(int dbgc_class, int level,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2)
+{
+ struct debug_channel_level dcl = { dbgc_class, level };
+
+ if (!DEBUGLVLC(dbgc_class, level)) {
+ return;
+ }
+ dump_data_diff_cb(buf1, len1, buf2, len2, true, debugadd_channel_cb,
&dcl);
+}
+
+_PUBLIC_ void dump_data_file_diff(FILE *f,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2)
+{
+ dump_data_diff_cb(buf1, len1, buf2, len2, omit_zero_bytes, fprintf_cb,
f);
+}
+
/**
malloc that aborts with smb_panic on fail or zero size.
**/
diff --git a/lib/util/util.h b/lib/util/util.h
index a7acad56880..072f0486234 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -51,4 +51,32 @@ _PUBLIC_ void dump_data(int level, const uint8_t *buf,int
len);
*/
_PUBLIC_ void dump_data_dbgc(int dbgc_class, int level, const uint8_t *buf,
int len);
+/**
+ * Write dump of compared binary data to a callback
+ */
+void dump_data_diff_cb(const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2,
+ bool omit_zero_bytes,
+ void (*cb)(const char *buf, void *private_data),
+ void *private_data);
+
+/**
+ * Write dump of compared binary data to the log file.
+ *
+ * The data is only written if the log level is at least level for
+ * debug class dbgc_class.
+ */
+_PUBLIC_ void dump_data_diff(int dbgc_class, int level,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2);
+
+/**
+ * Write dump of compared binary data to the given file handle
+ */
+_PUBLIC_ void dump_data_file_diff(FILE *f,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2);
+
#endif
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index b5421e99ff5..95b0366b791 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -236,7 +236,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_string(struct ndr_push
*ndr, int ndr_flags,
s_len++;
}
- if (!do_convert) {
+ if (s_len == 0) {
+ d_len = 0;
+ dest = (uint8_t *)talloc_strdup(ndr, "");
+ } else if (!do_convert) {
d_len = s_len;
dest = (uint8_t *)talloc_strndup(ndr, s, s_len);
} else if (!convert_string_talloc(ndr, CH_UNIX, chset, s, s_len,
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index fec8df513a8..99d8e016216 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -130,11 +130,13 @@ static bool dcesrv_auth_prepare_gensec(struct
dcesrv_call_state *call)
auth->auth_level = call->in_auth_info.auth_level;
auth->auth_context_id = call->in_auth_info.auth_context_id;
+ cb->auth.become_root();
status = cb->auth.gensec_prepare(
auth,
call,
&auth->gensec_security,
cb->auth.private_data);
+ cb->auth.unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
nt_errstr(status)));
@@ -329,6 +331,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
{
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
const char *pdu = "<unknown>";
switch (call->pkt.ptype) {
@@ -359,9 +362,11 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state
*call, NTSTATUS status)
return status;
}
+ cb->auth.become_root();
status = gensec_session_info(auth->gensec_security,
auth,
&auth->session_info);
+ cb->auth.unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n",
nt_errstr(status)));
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index d16159b0b6c..ea91fc689b4 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -938,6 +938,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
struct dcerpc_binding *ep_2nd_description = NULL;
const char *endpoint = NULL;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct dcerpc_ack_ctx *ack_features = NULL;
struct tevent_req *subreq = NULL;
@@ -1143,9 +1144,11 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state
*call)
return dcesrv_auth_reply(call);
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1160,10 +1163,13 @@ static void dcesrv_bind_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq,
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
@@ -1221,6 +1227,7 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state
*call)
{
struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct tevent_req *subreq = NULL;
NTSTATUS status;
@@ -1265,9 +1272,11 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state
*call)
return NT_STATUS_OK;
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1283,10 +1292,13 @@ static void dcesrv_auth3_done(struct tevent_req *subreq)
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
@@ -1555,6 +1567,7 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state
*call)
struct ncacn_packet *pkt = &call->ack_pkt;
uint32_t extra_flags = 0;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct tevent_req *subreq = NULL;
size_t i;
@@ -1666,9 +1679,11 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state
*call)
return dcesrv_auth_reply(call);
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1683,10 +1698,13 @@ static void dcesrv_alter_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq,
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index d8d5f903095..0538442e0ce 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -392,6 +392,8 @@ struct dcesrv_context_callbacks {
struct gensec_security **out,
void *private_data);
void *private_data;
+ void (*become_root)(void);
+ void (*unbecome_root)(void);
} auth;
struct {
NTSTATUS (*find)(
diff --git a/librpc/tools/ndrdump.c b/librpc/tools/ndrdump.c
index ed9198f145d..b5d7f4fa3f6 100644
--- a/librpc/tools/ndrdump.c
+++ b/librpc/tools/ndrdump.c
@@ -189,6 +189,13 @@ static void ndrdump_data(uint8_t *d, uint32_t l, bool
force)
dump_data_file(d, l, !force, stdout);
}
+static void ndrdump_data_diff(const uint8_t *d1, size_t l1,
+ const uint8_t *d2, size_t l2,
+ bool force)
+{
+ dump_data_file_diff(stdout, !force, d1, l1, d2, l2);
+}
+
static NTSTATUS ndrdump_pull_and_print_pipes(const char *function,
struct ndr_pull *ndr_pull,
struct ndr_print *ndr_print,
@@ -772,6 +779,9 @@ static void ndr_print_dummy(struct ndr_print *ndr, const
char *format, ...)
printf("WARNING! orig and validated differ at byte
0x%02X (%u)\n", i, i);
printf("WARNING! orig byte[0x%02X] = 0x%02X validated
byte[0x%02X] = 0x%02X\n",
i, byte_a, i, byte_b);
+ ndrdump_data_diff(blob.data, blob.length,
+ v_blob.data, v_blob.length,
+ dumpdata);
}
}
diff --git a/python/samba/tests/blackbox/ndrdump.py
b/python/samba/tests/blackbox/ndrdump.py
index ace56d3edf6..11d9441e51a 100644
--- a/python/samba/tests/blackbox/ndrdump.py
+++ b/python/samba/tests/blackbox/ndrdump.py
@@ -170,7 +170,7 @@ dump OK
def test_ndrdump_input_cmdline_short_struct_name_dump(self):
expected = '''pull returned Buffer Size Error
6 bytes consumed
-[0000] 61 62 63 64 65 66 67 abcdefg ''' \
+[0000] 61 62 63 64 65 66 67 abcdefg''' \
'''
'''
try:
@@ -186,10 +186,10 @@ dump OK
def test_ndrdump_input_cmdline_short_struct_name_print_fail(self):
expected = '''pull returned Buffer Size Error
6 bytes consumed
-[0000] 61 62 63 64 65 66 67 abcdefg ''' \
+[0000] 61 62 63 64 65 66 67 abcdefg''' \
'''
WARNING! 1 unread bytes
-[0000] 67 g ''' \
+[0000] 67 g''' \
'''
WARNING: pull of GUID was incomplete, therefore the parse below may SEGFAULT
GUID : 64636261-6665-0000-0000-000000000000
@@ -211,7 +211,7 @@ WARNING! 53 unread bytes
--
Samba Shared Repository
