The branch, master has been updated
via b4563a24904 fuzz: allow max size conditional ACE round-trip failure
via 21853b01e65 libcli/security: sddl conditional ACE: write -0 when
asked
via 8f0c91f3a83 libcli/security: rearrange conditional ACE
sddl_write_int
via 46f61570714 libcli/security: tests for signed zeros in sddl
condtional ACEs
via 8a9f395821d librpc: Do not allow u16string to be encoded in a
big‐endian context
via 346844b730b librpc: Change type of ‘u16string’ from ‘const uint16_t
*’ to ‘const unsigned char *’
via 65db36ca327 librpc: Add missing spaces to error messages
via a38025b3a73 s3/lib: add log_panic_action()
via 85c4d03e38a s3/lib: factor out call_panic_action() from
smb_panic_s3()
from 080a62bba87 tests/krb5: Add Python implementation and tests for
Group Key Distribution Service
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b4563a24904e823497552f6e4ef77e8041f2cc5d
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date: Wed Dec 20 14:26:00 2023 +1300
fuzz: allow max size conditional ACE round-trip failure
The encoder, being cautious not to overstep the arbitrary 10000 byte
boundary, might not encode an exactly 10000 byte condition. This
is an off-by-one, but in the safe direction.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65118
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Fri Dec 22 00:51:13 UTC 2023 on atb-devel-224
commit 21853b01e65f8b79bdf478d4fe470dcb1639cc48
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date: Wed Dec 20 13:40:15 2023 +1300
libcli/security: sddl conditional ACE: write -0 when asked
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 8f0c91f3a833b24c27e63721ca15838c92a1cea4
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date: Wed Dec 20 13:38:53 2023 +1300
libcli/security: rearrange conditional ACE sddl_write_int
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 46f61570714fffe43f5328cd46e1d1848a4d5daa
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date: Wed Dec 20 13:37:29 2023 +1300
libcli/security: tests for signed zeros in sddl condtional ACEs
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 8a9f395821d62273e28f32895a4c3116a0606423
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date: Fri Dec 22 09:58:53 2023 +1300
librpc: Do not allow u16string to be encoded in a big‐endian context
Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 346844b730b06fe5ad53dc93fc0f4d4470794cb5
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date: Thu Dec 21 11:51:19 2023 +1300
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const
unsigned char *’
A u16string is supposed to contain UTF‐16 code units, but
ndr_pull_u16string() and ndr_push_u16string() fail to correctly ensure
this on big‐endian systems. Code that relies on the u16string array
containing correct values will then fail.
Fix ndr_pull_u16string() and ndr_push_u16string() to work on big‐endian
systems, ensuring that other code can use these strings without having
to worry about first encoding them to little‐endian.
Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 65db36ca327d10344566e2fb4330e19050d645ef
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date: Fri Dec 22 09:54:55 2023 +1300
librpc: Add missing spaces to error messages
Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit a38025b3a73b9fe96c9a99adf4dfa5536806c15f
Author: Ralph Boehme <s...@samba.org>
Date: Wed Dec 13 07:57:46 2023 +0100
s3/lib: add log_panic_action()
Can be used to log a nice stack backtrace with full debug symbols by setting
"panic action" to something like
panic action = cd /home/slow/git/samba/master &&
/home/slow/git/samba/master/selftest/gdb_backtrace %d
This is similar to log_stack_trace(), but that doesn't come with debug
symbols.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 85c4d03e38a5c983e7b99ca48c3e262465485a56
Author: Ralph Boehme <s...@samba.org>
Date: Fri Dec 15 07:15:22 2023 +0100
s3/lib: factor out call_panic_action() from smb_panic_s3()
No change in behaviour. Best viewed with git show -w.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/fuzzing/fuzz_conditional_ace_blob.c | 11 ++++++
lib/util/charset/charset.h | 6 +--
lib/util/charset/util_unistr.c | 25 +++++-------
libcli/security/sddl_conditional_ace.c | 19 +++++----
libcli/security/tests/test_sddl_conditional_ace.c | 2 +
librpc/ABI/ndr-4.0.0.sigs | 6 +--
librpc/ndr/libndr.h | 2 +-
librpc/ndr/ndr_string.c | 44 +++++++++++++++------
librpc/tests/test_ndr_gmsa.c | 47 +++++++++++++----------
pidl/lib/Parse/Pidl/Samba4/Python.pm | 2 +-
pidl/lib/Parse/Pidl/Typelist.pm | 2 +-
source3/include/proto.h | 1 +
source3/lib/util.c | 43 +++++++++++++++------
source4/librpc/rpc/pyrpc_util.c | 6 +--
source4/librpc/rpc/pyrpc_util.h | 4 +-
15 files changed, 142 insertions(+), 78 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/fuzzing/fuzz_conditional_ace_blob.c
b/lib/fuzzing/fuzz_conditional_ace_blob.c
index ed0bbd536bc..ebbd90883aa 100644
--- a/lib/fuzzing/fuzz_conditional_ace_blob.c
+++ b/lib/fuzzing/fuzz_conditional_ace_blob.c
@@ -73,6 +73,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
/* back to blob form */
ok = conditional_ace_encode_binary(mem_ctx, s1, &e2);
if (! ok) {
+ if (e1.length == CONDITIONAL_ACE_MAX_LENGTH) {
+ /*
+ * This is an edge case where the encoder and
+ * decoder treat the boundary slightly
+ * differently, and the encoder refuses to
+ * encode to the maximum length. This is not
+ * an issue in the real world.
+ */
+ TALLOC_FREE(mem_ctx);
+ return 0;
+ }
abort();
}
diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h
index aa691734713..12dc348bdb7 100644
--- a/lib/util/charset/charset.h
+++ b/lib/util/charset/charset.h
@@ -129,9 +129,9 @@ limited by 'n' bytes
**/
size_t utf16_null_terminated_len_n(const void *src, size_t n);
-uint16_t *talloc_utf16_strlendup(TALLOC_CTX *mem_ctx, const char *str, size_t
len);
-uint16_t *talloc_utf16_strdup(TALLOC_CTX *mem_ctx, const char *str);
-uint16_t *talloc_utf16_strndup(TALLOC_CTX *mem_ctx, const char *str, size_t n);
+unsigned char *talloc_utf16_strlendup(TALLOC_CTX *mem_ctx, const char *str,
size_t len);
+unsigned char *talloc_utf16_strdup(TALLOC_CTX *mem_ctx, const char *str);
+unsigned char *talloc_utf16_strndup(TALLOC_CTX *mem_ctx, const char *str,
size_t n);
char *strchr_m(const char *s, char c);
/**
diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
index fa1a100e596..830b4808c54 100644
--- a/lib/util/charset/util_unistr.c
+++ b/lib/util/charset/util_unistr.c
@@ -243,9 +243,9 @@ size_t utf16_null_terminated_len_n(const void *src, size_t
n)
return len;
}
-uint16_t *talloc_utf16_strlendup(TALLOC_CTX *mem_ctx, const char *str, size_t
len)
+unsigned char *talloc_utf16_strlendup(TALLOC_CTX *mem_ctx, const char *str,
size_t len)
{
- uint16_t *new_str = NULL;
+ unsigned char *new_str = NULL;
/* Check for overflow. */
if (len > SIZE_MAX - 2) {
@@ -263,22 +263,17 @@ uint16_t *talloc_utf16_strlendup(TALLOC_CTX *mem_ctx,
const char *str, size_t le
memcpy(new_str, str, len);
- {
- /*
- * Ensure that the UTF‐16 string is
- * null‐terminated.
- */
-
- char *new_bytes = (char *)new_str;
-
- new_bytes[len] = '\0';
- new_bytes[len + 1] = '\0';
- }
+ /*
+ * Ensure that the UTF‐16 string is
+ * null‐terminated.
+ */
+ new_str[len] = '\0';
+ new_str[len + 1] = '\0';
return new_str;
}
-uint16_t *talloc_utf16_strdup(TALLOC_CTX *mem_ctx, const char *str)
+unsigned char *talloc_utf16_strdup(TALLOC_CTX *mem_ctx, const char *str)
{
if (str == NULL) {
return NULL;
@@ -286,7 +281,7 @@ uint16_t *talloc_utf16_strdup(TALLOC_CTX *mem_ctx, const
char *str)
return talloc_utf16_strlendup(mem_ctx, str, utf16_len(str));
}
-uint16_t *talloc_utf16_strndup(TALLOC_CTX *mem_ctx, const char *str, size_t n)
+unsigned char *talloc_utf16_strndup(TALLOC_CTX *mem_ctx, const char *str,
size_t n)
{
if (str == NULL) {
return NULL;
diff --git a/libcli/security/sddl_conditional_ace.c
b/libcli/security/sddl_conditional_ace.c
index b5d0a3afa3a..e9d83b7f9c1 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -623,6 +623,7 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
uint8_t sign = tok->data.int64.sign;
uint8_t base = tok->data.int64.base;
char buf[26]; /* oct(1<<63) + sign + \0 */
+ char sign_char;
if (sign > CONDITIONAL_ACE_INT_SIGN_NONE ||
base > CONDITIONAL_ACE_INT_BASE_16) {
return false;
@@ -650,12 +651,18 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
/* note we allow "-0", because we will parse it. */
return false;
}
+ sign_char = (sign == CONDITIONAL_ACE_INT_SIGN_NEGATIVE) ? '-' : '+';
/*
- * We can use "%+ld" for the decimal sign, but "%+lx" and "%+lo" are
- * invalid because %o and %x are unsigned.
+ * We can use "%+ld" for the decimal sign (except -0), but
+ * "%+lx" and "%+lo" are invalid because %o and %x are
+ * unsigned.
*/
if (base == CONDITIONAL_ACE_INT_BASE_10) {
- snprintf(buf, sizeof(buf), "%+"PRId64, v);
+ if (v == 0) {
+ snprintf(buf, sizeof(buf), "%c0", sign_char);
+ } else {
+ snprintf(buf, sizeof(buf), "%+"PRId64, v);
+ }
return sddl_write(ctx, buf);
}
@@ -670,12 +677,10 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
return sddl_write(ctx, "-0x8000000000000000");
}
- buf[0] = (sign == CONDITIONAL_ACE_INT_SIGN_NEGATIVE) ? '-' : '+';
-
if (base == CONDITIONAL_ACE_INT_BASE_8) {
- snprintf(buf + 1, sizeof(buf) - 1, "0%llo", llabs(v));
+ snprintf(buf, sizeof(buf), "%c0%llo", sign_char, llabs(v));
} else {
- snprintf(buf + 1, sizeof(buf) - 1, "0x%llx", llabs(v));
+ snprintf(buf, sizeof(buf), "%c0x%llx", sign_char, llabs(v));
}
return sddl_write(ctx, buf);
}
diff --git a/libcli/security/tests/test_sddl_conditional_ace.c
b/libcli/security/tests/test_sddl_conditional_ace.c
index 3ea9e23b2b8..fc9281d92f4 100644
--- a/libcli/security/tests/test_sddl_conditional_ace.c
+++ b/libcli/security/tests/test_sddl_conditional_ace.c
@@ -587,6 +587,8 @@ static void test_round_trips(void **state)
* which then parses again into the same conditional ACE.
*/
static const char *sddl[] = {
+ "(0>-0)",
+ "(0>+0)",
("(Member_of{SID(AA)})"),
("(a Contains @USER.b == @device.c)"),
("(a == @user.b == @resource.c)"),
diff --git a/librpc/ABI/ndr-4.0.0.sigs b/librpc/ABI/ndr-4.0.0.sigs
index 66a1b64cf60..5474a5184b0 100644
--- a/librpc/ABI/ndr-4.0.0.sigs
+++ b/librpc/ABI/ndr-4.0.0.sigs
@@ -81,7 +81,7 @@ ndr_print_svcctl_ServerType: void (struct ndr_print *, const
char *, uint32_t)
ndr_print_time_t: void (struct ndr_print *, const char *, time_t)
ndr_print_timespec: void (struct ndr_print *, const char *, const struct
timespec *)
ndr_print_timeval: void (struct ndr_print *, const char *, const struct
timeval *)
-ndr_print_u16string: void (struct ndr_print *, const char *, const uint16_t *)
+ndr_print_u16string: void (struct ndr_print *, const char *, const unsigned
char *)
ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t)
ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t)
ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t)
@@ -158,7 +158,7 @@ ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *,
ndr_flags_type, time_t *)
ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, ndr_flags_type,
struct timespec *)
ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, struct
timeval *)
ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t)
-ndr_pull_u16string: enum ndr_err_code (struct ndr_pull *, ndr_flags_type,
const uint16_t **)
+ndr_pull_u16string: enum ndr_err_code (struct ndr_pull *, ndr_flags_type,
const unsigned char **)
ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, ndr_flags_type,
uint64_t *)
ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, ndr_flags_type,
uint64_t *)
ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, uid_t *)
@@ -234,7 +234,7 @@ ndr_push_time_t: enum ndr_err_code (struct ndr_push *,
ndr_flags_type, time_t)
ndr_push_timespec: enum ndr_err_code (struct ndr_push *, ndr_flags_type, const
struct timespec *)
ndr_push_timeval: enum ndr_err_code (struct ndr_push *, ndr_flags_type, const
struct timeval *)
ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t)
-ndr_push_u16string: enum ndr_err_code (struct ndr_push *, ndr_flags_type,
const uint16_t *)
+ndr_push_u16string: enum ndr_err_code (struct ndr_push *, ndr_flags_type,
const unsigned char *)
ndr_push_udlong: enum ndr_err_code (struct ndr_push *, ndr_flags_type,
uint64_t)
ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, ndr_flags_type,
uint64_t)
ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, ndr_flags_type, uid_t)
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index adcbdf18c0c..70dd01e49a6 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -806,7 +806,7 @@ NDR_SCALAR_PROTO(DATA_BLOB, DATA_BLOB)
NDR_SCALAR_PROTO(ipv4address, const char *)
NDR_SCALAR_PROTO(ipv6address, const char *)
NDR_SCALAR_PROTO(string, const char *)
-NDR_SCALAR_PROTO(u16string, const uint16_t *)
+NDR_SCALAR_PROTO(u16string, const unsigned char *)
NDR_SCALAR_PROTO(double, double)
enum ndr_err_code ndr_pull_policy_handle(struct ndr_pull *ndr, ndr_flags_type
ndr_flags, struct policy_handle *r);
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index 0d18354a5de..323886b2fe5 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -481,9 +481,9 @@ _PUBLIC_ uint32_t ndr_size_string(int ret, const char *
const* string, ndr_flags
*/
_PUBLIC_ enum ndr_err_code ndr_pull_u16string(struct ndr_pull *ndr,
ndr_flags_type ndr_flags,
- const uint16_t **s)
+ const unsigned char **s)
{
- uint16_t *as = NULL;
+ unsigned char *as = NULL;
const char *const src_str = (char *)ndr->data + ndr->offset;
size_t src_len = 0;
@@ -491,12 +491,23 @@ _PUBLIC_ enum ndr_err_code ndr_pull_u16string(struct
ndr_pull *ndr,
return NDR_ERR_SUCCESS;
}
+ if (NDR_BE(ndr)) {
+ /*
+ * It isn’t clear how this type should be encoded in a
+ * big‐endian context.
+ */
+ return ndr_pull_error(
+ ndr,
+ NDR_ERR_STRING,
+ "u16string does not support big‐endian encoding\n");
+ }
+
if (ndr->flags & LIBNDR_ENCODING_FLAGS) {
return ndr_pull_error(
ndr,
NDR_ERR_STRING,
"Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
- "passed to ndr_pull_u16string()\n",
+ " passed to ndr_pull_u16string()\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
@@ -518,7 +529,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_u16string(struct
ndr_pull *ndr,
ndr,
NDR_ERR_STRING,
"Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
- "passed to ndr_pull_u16string()\n",
+ " passed to ndr_pull_u16string()\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
@@ -544,7 +555,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_u16string(struct
ndr_pull *ndr,
*/
_PUBLIC_ enum ndr_err_code ndr_push_u16string(struct ndr_push *ndr,
ndr_flags_type ndr_flags,
- const uint16_t *s)
+ const unsigned char *s)
{
size_t s_len;
@@ -552,6 +563,17 @@ _PUBLIC_ enum ndr_err_code ndr_push_u16string(struct
ndr_push *ndr,
return NDR_ERR_SUCCESS;
}
+ if (NDR_BE(ndr)) {
+ /*
+ * It isn’t clear how this type should be encoded in a
+ * big‐endian context.
+ */
+ return ndr_push_error(
+ ndr,
+ NDR_ERR_STRING,
+ "u16string does not support big‐endian encoding\n");
+ }
+
if (s == NULL) {
return ndr_push_error(
ndr,
@@ -572,18 +594,18 @@ _PUBLIC_ enum ndr_err_code ndr_push_u16string(struct
ndr_push *ndr,
ndr,
NDR_ERR_STRING,
"Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
- "passed to ndr_push_u16string()\n",
+ " passed to ndr_push_u16string()\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
switch (ndr->flags & LIBNDR_STRING_FLAGS) {
case LIBNDR_FLAG_STR_NULLTERM:
- NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)s, s_len));
+ NDR_CHECK(ndr_push_bytes(ndr, s, s_len));
break;
default:
if (ndr->flags & LIBNDR_FLAG_REMAINING) {
- NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)s,
s_len));
+ NDR_CHECK(ndr_push_bytes(ndr, s, s_len));
break;
}
@@ -591,7 +613,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_u16string(struct
ndr_push *ndr,
ndr,
NDR_ERR_STRING,
"Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
- "passed to ndr_push_u16string()\n",
+ " passed to ndr_push_u16string()\n",
ndr->flags & LIBNDR_STRING_FLAGS);
}
@@ -600,11 +622,11 @@ _PUBLIC_ enum ndr_err_code ndr_push_u16string(struct
ndr_push *ndr,
_PUBLIC_ void ndr_print_u16string(struct ndr_print *ndr,
const char *name,
- const uint16_t *s)
+ const unsigned char *s)
{
return ndr_print_array_uint8(ndr,
name,
- (const uint8_t *)s,
+ s,
utf16_len(s));
}
diff --git a/librpc/tests/test_ndr_gmsa.c b/librpc/tests/test_ndr_gmsa.c
index 9834ce7249a..67aa7c2ba2e 100644
--- a/librpc/tests/test_ndr_gmsa.c
+++ b/librpc/tests/test_ndr_gmsa.c
@@ -27,21 +27,24 @@
#include "lib/replace/replace.h"
#include "lib/util/attr.h"
+#include "lib/util/bytearray.h"
#include "librpc/gen_ndr/ndr_gmsa.h"
#include "librpc/gen_ndr/gmsa.h"
-static void assert_utf16_equal(const uint16_t *s1, const uint16_t *s2)
+static void assert_utf16_equal(const unsigned char *s1, const unsigned char
*s2)
{
uint16_t c1;
uint16_t c2;
+ size_t n = 0;
assert_non_null(s1);
assert_non_null(s2);
do {
- c1 = *s1++;
- c2 = *s2++;
+ c1 = PULL_LE_U16(s1, n);
+ c2 = PULL_LE_U16(s2, n);
assert_int_equal(c1, c2);
+ n += 2;
} while (c1);
}
@@ -82,23 +85,27 @@ static void test_managed_password_blob(void **state)
const DATA_BLOB blob = {data, sizeof data};
/* The UTF‐16 password contained in the blob. */
- const uint16_t current_password[] = {
- 16781, 38893, 3992, 51373, 15923, 7932, 46125, 2558, 34452,
- 30290, 33629, 52175, 11237, 39662, 24149, 37397, 11132, 19333,
- 4008, 61917, 9782, 34431, 59396, 14004, 57456, 4643, 36018,
- 13809, 19377, 45615, 4500, 41906, 13134, 3922, 30149, 14594,
- 62323, 37627, 63819, 14101, 32226, 28757, 21916, 10026, 4483,
- 50729, 41961, 43820, 37254, 34397, 24410, 18164, 35324, 51276,
- 5135, 22021, 60285, 770, 63905, 6660, 52725, 4490, 8697,
- 38539, 36481, 5923, 48763, 22745, 32851, 6331, 17667, 14586,
- 22153, 50590, 31390, 25994, 64532, 26985, 7286, 6379, 64476,
- 11322, 59188, 19010, 55290, 24783, 14809, 6553, 1291, 20746,
- 50886, 62962, 23379, 44922, 7754, 6910, 29146, 63937, 24509,
- 38781, 60409, 17028, 43589, 36843, 39787, 8730, 7072, 20390,
- 26656, 25846, 19514, 26258, 27121, 38664, 5283, 59418, 35361,
- 47263, 48001, 31518, 4533, 21653, 63671, 65234, 25134, 3297,
- 50225, 38336, 0,
- };
+ const unsigned char current_password[] = {
+ 141, 65, 237, 151, 152, 15, 173, 200, 51, 62, 252, 30, 45,
+ 180, 254, 9, 148, 134, 82, 118, 93, 131, 207, 203, 229, 43,
+ 238, 154, 85, 94, 21, 146, 124, 43, 133, 75, 168, 15, 221,
+ 241, 54, 38, 127, 134, 4, 232, 180, 54, 112, 224, 35, 18,
+ 178, 140, 241, 53, 177, 75, 47, 178, 148, 17, 178, 163, 78,
+ 51, 82, 15, 197, 117, 2, 57, 115, 243, 251, 146, 75, 249,
+ 21, 55, 226, 125, 85, 112, 156, 85, 42, 39, 131, 17, 41,
+ 198, 233, 163, 44, 171, 134, 145, 93, 134, 90, 95, 244, 70,
+ 252, 137, 76, 200, 15, 20, 5, 86, 125, 235, 2, 3, 161,
+ 249, 4, 26, 245, 205, 138, 17, 249, 33, 139, 150, 129, 142,
+ 35, 23, 123, 190, 217, 88, 83, 128, 187, 24, 3, 69, 250,
+ 56, 137, 86, 158, 197, 158, 122, 138, 101, 20, 252, 105, 105,
+ 118, 28, 235, 24, 220, 251, 58, 44, 52, 231, 66, 74, 250,
+ 215, 207, 96, 217, 57, 153, 25, 11, 5, 10, 81, 198, 198,
+ 242, 245, 83, 91, 122, 175, 74, 30, 254, 26, 218, 113, 193,
+ 249, 189, 95, 125, 151, 249, 235, 132, 66, 69, 170, 235, 143,
+ 107, 155, 26, 34, 160, 27, 166, 79, 32, 104, 246, 100, 58,
+ 76, 146, 102, 241, 105, 8, 151, 163, 20, 26, 232, 33, 138,
+ 159, 184, 129, 187, 30, 123, 181, 17, 149, 84, 183, 248, 210,
+ 254, 46, 98, 225, 12, 49, 196, 192, 149, 0, 0};
DATA_BLOB packed_blob = data_blob_null;
diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm
b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index 57f8e8b5638..c09ee4b784d 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -1706,7 +1706,7 @@ sub ConvertU16StringFromPythonData($$$$$)
$self->pidl("{");
$self->indent;
- $self->pidl("uint16_t *str = NULL;");
+ $self->pidl("unsigned char *str = NULL;");
$self->pidl("");
$self->pidl("str = PyUtf16String_FromBytes(");
$self->pidl(" $mem_ctx, $py_var);");
diff --git a/pidl/lib/Parse/Pidl/Typelist.pm b/pidl/lib/Parse/Pidl/Typelist.pm
index 09d416f7b20..31ea19e357c 100644
--- a/pidl/lib/Parse/Pidl/Typelist.pm
+++ b/pidl/lib/Parse/Pidl/Typelist.pm
@@ -56,7 +56,7 @@ my %scalars = (
"pointer" => "void*",
"DATA_BLOB" => "DATA_BLOB",
"string" => "const char *",
- "u16string" => "const uint16_t *",
+ "u16string" => "const unsigned char *",
"string_array" => "const char **",
"time_t" => "time_t",
"uid_t" => "uid_t",
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5c1ba851287..49b5a47a06b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -317,6 +317,7 @@ char *gidtoname(gid_t gid);
uid_t nametouid(const char *name);
gid_t nametogid(const char *name);
void smb_panic_s3(const char *why);
+void log_panic_action(const char *msg);
const char *readdirname(DIR *p);
bool is_in_path(const char *name, name_compare_entry *namelist, bool
case_sensitive);
void set_namearray(name_compare_entry **ppname_array, const char *namelist);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index fa01f419d65..51dc50d0b66 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -675,13 +675,20 @@ gid_t nametogid(const char *name)
Something really nasty happened - panic !
********************************************************************/
-void smb_panic_s3(const char *why)
+static void call_panic_action(const char *why, bool as_root)
{
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *cmd;
int result;
+ cmd = lp_panic_action(talloc_tos(), lp_sub);
+ if (cmd == NULL || cmd[0] == '\0') {
+ return;
+ }
+
+ DBG_ERR("Calling panic action [%s]\n", cmd);
+
#if defined(HAVE_PRCTL) && defined(PR_SET_PTRACER)
/*
* Make sure all children can attach a debugger.
@@ -689,22 +696,36 @@ void smb_panic_s3(const char *why)
prctl(PR_SET_PTRACER, getpid(), 0, 0, 0);
#endif
- cmd = lp_panic_action(talloc_tos(), lp_sub);
- if (cmd && *cmd) {
- DEBUG(0, ("smb_panic(): calling panic action [%s]\n", cmd));
- result = system(cmd);
+ if (as_root) {
+ become_root();
+ }
- if (result == -1)
- DEBUG(0, ("smb_panic(): fork failed in panic action:
%s\n",
- strerror(errno)));
- else
- DEBUG(0, ("smb_panic(): action returned status %d\n",
- WEXITSTATUS(result)));
+ result = system(cmd);
+
+ if (as_root) {
+ unbecome_root();
}
+ if (result == -1)
+ DBG_ERR("fork failed in panic action: %s\n",
+ strerror(errno));
+ else
+ DBG_ERR("action returned status %d\n",
+ WEXITSTATUS(result));
+}
+
+void smb_panic_s3(const char *why)
+{
+ call_panic_action(why, false);
dump_core();
}
--
Samba Shared Repository
