diff options
| -rw-r--r-- | lib/crypto/hmacmd5.h | 2 | ||||
| -rw-r--r-- | lib/crypto/hmacmd5test.c | 2 | ||||
| -rw-r--r-- | lib/crypto/hmacsha256.c | 2 | ||||
| -rw-r--r-- | lib/crypto/md4test.c | 2 | ||||
| -rw-r--r-- | lib/crypto/md5test.c | 2 | ||||
| -rw-r--r-- | source3/Makefile.in | 2 | ||||
| -rw-r--r-- | source3/include/includes.h | 1 | ||||
| -rw-r--r-- | source3/include/proto.h | 4 | ||||
| -rw-r--r-- | source3/lib/crc32.c | 103 | ||||
| -rw-r--r-- | source3/libsmb/ntlmssp_sign.c | 4 | ||||
| -rw-r--r-- | source3/libsmb/smbencrypt.c | 2 | ||||
| -rw-r--r-- | source4/Makefile | 3 | ||||
| -rw-r--r-- | source4/auth/gensec/gensec.h | 1 | ||||
| -rw-r--r-- | source4/auth/gensec/socket.c | 13 | ||||
| -rw-r--r-- | source4/ldap_server/ldap_bind.c | 1 | ||||
| -rwxr-xr-x | source4/lib/ldb/tests/python/ldap.py | 5 | ||||
| -rw-r--r-- | source4/libcli/ldap/ldap_bind.c | 1 | ||||
| -rw-r--r-- | source4/libcli/ldap/ldap_client.c | 21 |
18 files changed, 40 insertions, 131 deletions
diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h index d649906bb4..91b8ca586c 100644 --- a/lib/crypto/hmacmd5.h +++ b/lib/crypto/hmacmd5.h @@ -21,6 +21,8 @@ #ifndef _HMAC_MD5_H #define _HMAC_MD5_H +#include "../lib/crypto/md5.h" + typedef struct { struct MD5Context ctx; diff --git a/lib/crypto/hmacmd5test.c b/lib/crypto/hmacmd5test.c index 07ed54c98d..0a98404eda 100644 --- a/lib/crypto/hmacmd5test.c +++ b/lib/crypto/hmacmd5test.c @@ -17,7 +17,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" -#include "lib/crypto/crypto.h" +#include "../lib/crypto/crypto.h" struct torture_context; diff --git a/lib/crypto/hmacsha256.c b/lib/crypto/hmacsha256.c index 6b0af9ee83..53d4fe3883 100644 --- a/lib/crypto/hmacsha256.c +++ b/lib/crypto/hmacsha256.c @@ -27,7 +27,7 @@ */ #include "includes.h" -#include "lib/crypto/crypto.h" +#include "../lib/crypto/crypto.h" /*********************************************************************** the rfc 2104/2202 version of hmac_sha256 initialisation. diff --git a/lib/crypto/md4test.c b/lib/crypto/md4test.c index 5e0451973c..dddf9e61a0 100644 --- a/lib/crypto/md4test.c +++ b/lib/crypto/md4test.c @@ -18,7 +18,7 @@ */ #include "includes.h" -#include "lib/crypto/crypto.h" +#include "../lib/crypto/crypto.h" struct torture_context; diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c index 702e0fcf41..1244dca753 100644 --- a/lib/crypto/md5test.c +++ b/lib/crypto/md5test.c @@ -18,7 +18,7 @@ */ #include "includes.h" -#include "lib/crypto/crypto.h" +#include "../lib/crypto/crypto.h" struct torture_context; diff --git a/source3/Makefile.in b/source3/Makefile.in index d48e597ce3..b8ce0523dd 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -320,7 +320,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \ lib/signal.o lib/system.o lib/sendfile.o lib/recvfile.o lib/time.o \ lib/ufc.o lib/genrand.o lib/username.o \ lib/util_pw.o lib/access.o lib/smbrun.o \ - lib/bitmap.o lib/crc32.o lib/dprintf.o \ + lib/bitmap.o ../lib/crypto/crc32.o lib/dprintf.o \ lib/xfile.o lib/wins_srv.o $(UTIL_REG_OBJ) \ lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \ lib/util_unistr.o lib/util_file.o lib/data_blob.o \ diff --git a/source3/include/includes.h b/source3/include/includes.h index 25135d75ed..0417a7e01c 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -688,6 +688,7 @@ typedef char fstring[FSTRING_LEN]; #include "rap.h" #include "../lib/crypto/md5.h" #include "../lib/crypto/arcfour.h" +#include "../lib/crypto/crc32.h" #include "../lib/crypto/hmacmd5.h" #include "ntlmssp.h" #include "auth.h" diff --git a/source3/include/proto.h b/source3/include/proto.h index ad7350c5d1..198248c517 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -432,10 +432,6 @@ int connections_forall(int (*fn)(struct db_record *rec, void *private_data); bool connections_init(bool rw); -/* The following definitions come from lib/crc32.c */ - -uint32 crc32_calc_buffer(const char *buf, size_t size); - /* The following definitions come from lib/data_blob.c */ DATA_BLOB data_blob(const void *p, size_t length); diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c deleted file mode 100644 index a4ae90c469..0000000000 --- a/source3/lib/crc32.c +++ /dev/null @@ -1,103 +0,0 @@ -/*- - * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or - * code or tables extracted from it, as desired without restriction. - * - * First, the polynomial itself and its table of feedback terms. The - * polynomial is - * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0 - * - * Note that we take it "backwards" and put the highest-order term in - * the lowest-order bit. The X^32 term is "implied"; the LSB is the - * X^31 term, etc. The X^0 term (usually shown as "+1") results in - * the MSB being 1 - * - * Note that the usual hardware shift register implementation, which - * is what we're using (we're merely optimizing it by doing eight-bit - * chunks at a time) shifts bits into the lowest-order term. In our - * implementation, that means shifting towards the right. Why do we - * do it this way? Because the calculated CRC must be transmitted in - * order from highest-order term to lowest-order term. UARTs transmit - * characters in order from LSB to MSB. By storing the CRC this way - * we hand it to the UART in the order low-byte to high-byte; the UART - * sends each low-bit to hight-bit; and the result is transmission bit - * by bit from highest- to lowest-order term without requiring any bit - * shuffling on our part. Reception works similarly - * - * The feedback terms table consists of 256, 32-bit entries. Notes - * - * The table can be generated at runtime if desired; code to do so - * is shown later. It might not be obvious, but the feedback - * terms simply represent the results of eight shift/xor opera - * tions for all combinations of data and CRC register values - * - * The values must be right-shifted by eight bits by the "updcrc - * logic; the shift must be unsigned (bring in zeroes). On some - * hardware you could probably optimize the shift in assembler by - * using byte-swap instructions - * polynomial $edb88320 - * - * - * CRC32 code derived from work by Gary S. Brown. - */ - -#include "includes.h" - -static const uint32 crc32_tab[] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, - 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, - 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, - 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, - 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, - 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, - 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, - 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, - 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, - 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, - 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, - 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, - 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, - 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, - 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, - 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, - 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, - 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, - 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, - 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, - 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, - 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, - 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, - 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, - 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, - 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, - 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, - 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, - 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, - 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, - 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, - 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, - 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, - 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, - 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, - 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, - 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, - 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, - 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, - 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, - 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, - 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, - 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d -}; - -uint32 crc32_calc_buffer(const char *buf, size_t size) -{ - const unsigned char *p; - uint32 crc; - - p = (const unsigned char *)buf; - crc = ~0U; - - while (size--) - crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); - - return crc ^ ~0U; -} diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c index 4db5141cce..5120544058 100644 --- a/source3/libsmb/ntlmssp_sign.c +++ b/source3/libsmb/ntlmssp_sign.c @@ -117,7 +117,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state, } else { uint32 crc; - crc = crc32_calc_buffer((const char *)data, length); + crc = crc32_calc_buffer(data, length); if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) { return NT_STATUS_NO_MEMORY; } @@ -265,7 +265,7 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state, } } else { uint32 crc; - crc = crc32_calc_buffer((const char *)data, length); + crc = crc32_calc_buffer(data, length); if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 0742976635..05fd808a32 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -847,7 +847,7 @@ DATA_BLOB decrypt_drsuapi_blob(TALLOC_CTX *mem_ctx, * of the remaining bytes */ crc32_given = IVAL(dec_buffer.data, 0); - crc32_calc = crc32_calc_buffer((const char *)dec_buffer.data + 4 , dec_buffer.length - 4); + crc32_calc = crc32_calc_buffer(dec_buffer.data + 4 , dec_buffer.length - 4); if (crc32_given != crc32_calc) { DEBUG(1,("CRC32: given[0x%08X] calc[0x%08X]\n", crc32_given, crc32_calc)); diff --git a/source4/Makefile b/source4/Makefile index 3630adce56..813f0cedd4 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -132,6 +132,9 @@ else include $(srcdir)/static_deps.mk endif +clean:: + @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f + DEFAULT_HEADERS = $(srcdir)/lib/util/dlinklist.h \ $(srcdir)/version.h diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 2830297ffe..84fc26d127 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -174,6 +174,7 @@ struct gensec_security; struct socket_context; NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct socket_context *current_socket, struct event_context *ev, void (*recv_handler)(void *, uint16_t), diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c index 27449bf610..319730e2ca 100644 --- a/source4/auth/gensec/socket.c +++ b/source4/auth/gensec/socket.c @@ -408,8 +408,10 @@ static NTSTATUS gensec_socket_send(struct socket_context *sock, } /* Turn a normal socket into a potentially GENSEC wrapped socket */ +/* CAREFUL: this function will steal 'current_socket' */ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, + TALLOC_CTX *mem_ctx, struct socket_context *current_socket, struct event_context *ev, void (*recv_handler)(void *, uint16_t), @@ -420,7 +422,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, struct socket_context *new_sock; NTSTATUS nt_status; - nt_status = socket_create_with_ops(current_socket, &gensec_socket_ops, &new_sock, + nt_status = socket_create_with_ops(mem_ctx, &gensec_socket_ops, &new_sock, SOCKET_TYPE_STREAM, current_socket->flags | SOCKET_FLAG_ENCRYPT); if (!NT_STATUS_IS_OK(nt_status)) { *new_socket = NULL; @@ -432,22 +434,19 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, gensec_socket = talloc(new_sock, struct gensec_socket); if (gensec_socket == NULL) { *new_socket = NULL; + talloc_free(new_sock); return NT_STATUS_NO_MEMORY; } new_sock->private_data = gensec_socket; gensec_socket->socket = current_socket; - if (talloc_reference(gensec_socket, current_socket) == NULL) { - *new_socket = NULL; - return NT_STATUS_NO_MEMORY; - } - /* Nothing to do here, if we are not actually wrapping on this socket */ if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) && !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { gensec_socket->wrap = false; + talloc_steal(gensec_socket, current_socket); *new_socket = new_sock; return NT_STATUS_OK; } @@ -469,6 +468,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, gensec_socket->packet = packet_init(gensec_socket); if (gensec_socket->packet == NULL) { *new_socket = NULL; + talloc_free(new_sock); return NT_STATUS_NO_MEMORY; } @@ -481,6 +481,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security, /* TODO: full-request that knows about maximum packet size */ + talloc_steal(gensec_socket, current_socket); *new_socket = new_sock; return NT_STATUS_OK; } diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c index 8357251a8f..20777e5261 100644 --- a/source4/ldap_server/ldap_bind.c +++ b/source4/ldap_server/ldap_bind.c @@ -208,6 +208,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call) } else { ctx->conn = conn; status = gensec_socket_init(conn->gensec, + conn->connection, conn->connection->socket, conn->connection->event.ctx, stream_io_handler_callback, diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index bc6f80e856..6c910b63f1 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -781,7 +781,10 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """ self.assertTrue("objectGuid" not in res[0]) self.assertTrue("whenCreated" in res[0]) self.assertTrue("nTSecurityDescriptor" in res[0]) - self.assertEquals(res[0]["member"][0].upper(), ("CN=ldaptestuser2,CN=Users," + self.base_dn).upper()) + memberUP = [] + for m in res[0]["member"]: + memberUP.append(m.upper()) + self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP) ldb.modify_ldif(""" dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """ diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index 65673116be..b66232c02e 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -387,6 +387,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, if (NT_STATUS_IS_OK(status)) { struct socket_context *sasl_socket; status = gensec_socket_init(conn->gensec, + conn, conn->sock, conn->event.event_ctx, ldap_read_io_handler, diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index 844238afdb..d7960f901a 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -77,6 +77,12 @@ static void ldap_connection_dead(struct ldap_connection *conn) { struct ldap_request *req; + talloc_free(conn->sock); /* this will also free event.fde */ + talloc_free(conn->packet); + conn->sock = NULL; + conn->event.fde = NULL; + conn->packet = NULL; + /* return an error for any pending request ... */ while (conn->pending) { req = conn->pending; @@ -87,12 +93,6 @@ static void ldap_connection_dead(struct ldap_connection *conn) req->async.fn(req); } } - - talloc_free(conn->sock); /* this will also free event.fde */ - talloc_free(conn->packet); - conn->sock = NULL; - conn->event.fde = NULL; - conn->packet = NULL; } static void ldap_reconnect(struct ldap_connection *conn); @@ -400,6 +400,7 @@ static void ldap_connect_got_sock(struct composite_context *ctx, talloc_steal(conn, conn->sock); if (conn->ldaps) { struct socket_context *tls_socket; + struct socket_context *tmp_socket; char *cafile = private_path(conn->sock, conn->lp_ctx, lp_tls_cafile(conn->lp_ctx)); if (!cafile || !*cafile) { @@ -414,9 +415,11 @@ static void ldap_connect_got_sock(struct composite_context *ctx, talloc_free(conn->sock); return; } - talloc_unlink(conn, conn->sock); - conn->sock = tls_socket; - talloc_steal(conn, conn->sock); + + /* the original socket, must become a child of the tls socket */ + tmp_socket = conn->sock; + conn->sock = talloc_steal(conn, tls_socket); + talloc_steal(conn->sock, tmp_socket); } conn->packet = packet_init(conn); |