diff options
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/include/asn_1.h | 6 | ||||
| -rw-r--r-- | source3/include/includes.h | 4 | ||||
| -rw-r--r-- | source3/lib/replace.c | 18 | ||||
| -rw-r--r-- | source3/lib/system_smbd.c | 15 | ||||
| -rw-r--r-- | source3/libads/ads_ldap.c | 12 | ||||
| -rw-r--r-- | source3/libads/ldap.c | 49 | ||||
| -rw-r--r-- | source3/libads/ldap_printer.c | 8 | ||||
| -rw-r--r-- | source3/libsmb/asn1.c | 21 | ||||
| -rw-r--r-- | source3/libsmb/clispnego.c | 15 | ||||
| -rw-r--r-- | source3/libsmb/errormap.c | 2 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd.c | 2 | ||||
| -rw-r--r-- | source3/smbwrapper/smbsh.c | 10 |
12 files changed, 117 insertions, 45 deletions
diff --git a/source3/include/asn_1.h b/source3/include/asn_1.h index 9cd873c18a..ab7fa5d398 100644 --- a/source3/include/asn_1.h +++ b/source3/include/asn_1.h @@ -55,8 +55,8 @@ typedef struct { #define OID_KERBEROS5_OLD "1 2 840 48018 1 2 2" #define OID_KERBEROS5 "1 2 840 113554 1 2 2" -#define SPNGEO_NEG_RESULT_ACCEPT 0 -#define SPNGEO_NEG_RESULT_INCOMPLETE 1 -#define SPNGEO_NEG_RESULT_REJECT 2 +#define SPNEGO_NEG_RESULT_ACCEPT 0 +#define SPNEGO_NEG_RESULT_INCOMPLETE 1 +#define SPNEGO_NEG_RESULT_REJECT 2 #endif /* _ASN_1_H */ diff --git a/source3/include/includes.h b/source3/include/includes.h index d48103cbe3..5aaf009738 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -962,6 +962,10 @@ size_t strnlen(const char *s, size_t n); unsigned long strtoul(const char *nptr, char **endptr, int base); #endif +#ifndef HAVE_SETENV +int setenv(const char *name, const char *value, int overwrite); +#endif + #if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL)) /* stupid glibc */ int setresuid(uid_t ruid, uid_t euid, uid_t suid); diff --git a/source3/lib/replace.c b/source3/lib/replace.c index cd48b8d160..0c62ec9bfa 100644 --- a/source3/lib/replace.c +++ b/source3/lib/replace.c @@ -447,3 +447,21 @@ char *rep_inet_ntoa(struct in_addr ip) return t; } #endif + +#ifndef HAVE_SETENV + int setenv(const char *name, const char *value, int overwrite) +{ + char *p = NULL; + int ret = -1; + + asprintf(&p, "%s=%s", name, value); + + if (overwrite || getenv(name)) { + if (p) ret = putenv(p); + } else { + ret = 0; + } + + return ret; +} +#endif diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 0cd3086945..3ae0a6395e 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -39,7 +39,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { gid_t *gids_saved; - int ret, ngrp_saved; + int ret, ngrp_saved, num_gids; if (non_root_mode()) { *grpcnt = 0; @@ -78,9 +78,16 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in set_effective_gid(gid); setgid(gid); - ret = getgroups(*grpcnt, groups); - if (ret >= 0) { - *grpcnt = ret; + num_gids = getgroups(0, NULL); + if (num_gids + 1 > *grpcnt) { + *grpcnt = num_gids + 1; + ret = -1; + } else { + ret = getgroups(*grpcnt - 1, &groups[1]); + if (ret >= 0) { + groups[0] = gid; + *grpcnt = ret + 1; + } } restore_re_gid(); diff --git a/source3/libads/ads_ldap.c b/source3/libads/ads_ldap.c index 05b016539e..97f12de0f7 100644 --- a/source3/libads/ads_ldap.c +++ b/source3/libads/ads_ldap.c @@ -37,9 +37,16 @@ NTSTATUS ads_name_to_sid(ADS_STRUCT *ads, char *exp; uint32 t; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *escaped_name = escape_ldap_string_alloc(name); + char *escaped_realm = escape_ldap_string_alloc(ads->config.realm); + + if (!escaped_name || !escaped_realm) { + status = NT_STATUS_NO_MEMORY; + goto done; + } if (asprintf(&exp, "(|(sAMAccountName=%s)(userPrincipalName=%s@%s))", - name, name, ads->config.realm) == -1) { + escaped_name, escaped_name, escaped_realm) == -1) { DEBUG(1,("ads_name_to_sid: asprintf failed!\n")); status = NT_STATUS_NO_MEMORY; goto done; @@ -77,6 +84,9 @@ NTSTATUS ads_name_to_sid(ADS_STRUCT *ads, done: if (res) ads_msgfree(ads, res); + SAFE_FREE(escaped_name); + SAFE_FREE(escaped_realm); + return status; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 47a94f0a08..b7cfc8d84c 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -426,10 +426,10 @@ ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, return ADS_ERROR(LDAP_NO_MEMORY); /* 0 means the conversion worked but the result was empty - so we only fail if it's negative. In any case, it always + so we only fail if it's -1. In any case, it always at least nulls out the dest */ - if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) || - (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) { + if ((push_utf8_talloc(ctx, &utf8_exp, exp) == (size_t)-1) || + (push_utf8_talloc(ctx, &utf8_path, bind_path) == (size_t)-1)) { rc = LDAP_NO_MEMORY; goto done; } @@ -652,8 +652,8 @@ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope, /* 0 means the conversion worked but the result was empty so we only fail if it's negative. In any case, it always at least nulls out the dest */ - if ((push_utf8_talloc(ctx, &utf8_exp, exp) < 0) || - (push_utf8_talloc(ctx, &utf8_path, bind_path) < 0)) { + if ((push_utf8_talloc(ctx, &utf8_exp, exp) == (size_t)-1) || + (push_utf8_talloc(ctx, &utf8_path, bind_path) == (size_t)-1)) { DEBUG(1,("ads_do_search: push_utf8_talloc() failed!")); rc = LDAP_NO_MEMORY; goto done; @@ -1022,7 +1022,7 @@ char *ads_ou_string(const char *org_unit) static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, const char *org_unit) { - ADS_STATUS ret; + ADS_STATUS ret, status; char *host_spn, *host_upn, *new_dn, *samAccountName, *controlstr; char *ou_str; TALLOC_CTX *ctx; @@ -1089,9 +1089,21 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, ads_mod_str(ctx, &mods, "operatingSystem", "Samba"); ads_mod_str(ctx, &mods, "operatingSystemVersion", VERSION); - ads_gen_add(ads, new_dn, mods); - ret = ads_set_machine_sd(ads, hostname, new_dn); + ret = ads_gen_add(ads, new_dn, mods); + + if (!ADS_ERR_OK(ret)) + goto done; + + /* Do not fail if we can't set security descriptor + * it shouldn't be mandatory and probably we just + * don't have enough rights to do it. + */ + status = ads_set_machine_sd(ads, hostname, new_dn); + if (!ADS_ERR_OK(status)) { + DEBUG(0, ("Warning: ads_set_machine_sd: %s\n", + ads_errstr(status))); + } done: talloc_destroy(ctx); return ret; @@ -1406,7 +1418,7 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) **/ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) { - const char *attrs[] = {"ntSecurityDescriptor", "objectSid", 0}; + const char *attrs[] = {"nTSecurityDescriptor", "objectSid", 0}; char *exp = 0; size_t sd_size = 0; struct berval bval = {0, NULL}; @@ -1420,8 +1432,12 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) NTSTATUS status; ADS_STATUS ret; DOM_SID sid; - SEC_DESC *psd = 0; - TALLOC_CTX *ctx = 0; + SEC_DESC *psd = NULL; + TALLOC_CTX *ctx = NULL; + + /* Avoid segmentation fault in prs_mem_free if + * we have to bail out before prs_init */ + ps_wire.is_dynamic = False; if (!ads) return ADS_ERROR(LDAP_SERVER_DOWN); @@ -1448,7 +1464,11 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) goto ads_set_sd_error; } - ads_pull_sid(ads, msg, attrs[1], &sid); + if (!ads_pull_sid(ads, msg, attrs[1], &sid)) { + ret = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); + goto ads_set_sd_error; + } + if (!(ctx = talloc_init("sec_io_desc"))) { ret = ADS_ERROR(LDAP_NO_MEMORY); goto ads_set_sd_error; @@ -1466,7 +1486,10 @@ ADS_STATUS ads_set_machine_sd(ADS_STRUCT *ads, const char *hostname, char *dn) goto ads_set_sd_error; } - prs_init(&ps_wire, sd_size, ctx, MARSHALL); + if (!prs_init(&ps_wire, sd_size, ctx, MARSHALL)) { + ret = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); + } + if (!sec_io_desc("sd_wire", &psd, &ps_wire, 1)) { ret = ADS_ERROR(LDAP_NO_MEMORY); goto ads_set_sd_error; diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c index 87ea058896..f5cd4f2885 100644 --- a/source3/libads/ldap_printer.c +++ b/source3/libads/ldap_printer.c @@ -85,8 +85,7 @@ static BOOL map_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods, return False; if (value->size && *((smb_ucs2_t *) value->data_p)) { - pull_ucs2_talloc(ctx, (void **) &str_value, - (const smb_ucs2_t *) value->data_p); + pull_ucs2_talloc(ctx, &str_value, (const smb_ucs2_t *) value->data_p); status = ads_mod_str(ctx, mods, value->valuename, str_value); return ADS_ERR_OK(status); } @@ -155,9 +154,8 @@ static BOOL map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods, cur_str = (smb_ucs2_t *) value->data_p; for (i=0; i < num_vals; i++) - cur_str += pull_ucs2_talloc(ctx, - (void **) &str_values[i], - cur_str); + cur_str += pull_ucs2_talloc(ctx, &str_values[i], + cur_str); status = ads_mod_strlist(ctx, mods, value->valuename, (const char **) str_values); diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c index 333d157905..09d4fbb6c9 100644 --- a/source3/libsmb/asn1.c +++ b/source3/libsmb/asn1.c @@ -240,7 +240,9 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag) uint8 b; struct nesting *nesting; - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) + return False; + if (b != tag) { data->has_error = True; return False; @@ -251,13 +253,18 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag) return False; } - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) { + return False; + } + if (b & 0x80) { int n = b & 0x7f; - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) + return False; nesting->taglen = b; while (n > 1) { - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) + return False; nesting->taglen = (nesting->taglen << 8) | b; n--; } @@ -404,7 +411,11 @@ BOOL asn1_check_enumerated(ASN1_DATA *data, int v) if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False; asn1_read_uint8(data, &b); asn1_end_tag(data); - return !data->has_error && (v == b); + + if (v != b) + data->has_error = False; + + return !data->has_error; } /* write an enumarted value to the stream */ diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 3e28baa417..41b5c3f990 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -345,7 +345,7 @@ DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset) /* parse a spnego NTLMSSP challenge packet giving two security blobs */ -BOOL spnego_parse_challenge(DATA_BLOB blob, +BOOL spnego_parse_challenge(const DATA_BLOB blob, DATA_BLOB *chal1, DATA_BLOB *chal2) { BOOL ret; @@ -387,7 +387,7 @@ BOOL spnego_parse_challenge(DATA_BLOB blob, /* - generate a SPNEGO NTLMSSP auth packet. This will contain the encrypted passwords + generate a SPNEGO auth packet. This will contain the encrypted passwords */ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) { @@ -412,7 +412,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) } /* - parse a SPNEGO NTLMSSP auth packet. This contains the encrypted passwords + parse a SPNEGO auth packet. This contains the encrypted passwords */ BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) { @@ -447,11 +447,11 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status) uint8 negResult; if (NT_STATUS_IS_OK(nt_status)) { - negResult = SPNGEO_NEG_RESULT_ACCEPT; + negResult = SPNEGO_NEG_RESULT_ACCEPT; } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - negResult = SPNGEO_NEG_RESULT_INCOMPLETE; + negResult = SPNEGO_NEG_RESULT_INCOMPLETE; } else { - negResult = SPNGEO_NEG_RESULT_REJECT; + negResult = SPNEGO_NEG_RESULT_REJECT; } ZERO_STRUCT(data); @@ -461,7 +461,8 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status) asn1_push_tag(&data, ASN1_CONTEXT(0)); asn1_write_enumerated(&data, negResult); asn1_pop_tag(&data); - if (negResult == SPNGEO_NEG_RESULT_INCOMPLETE) { + + if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) { asn1_push_tag(&data,ASN1_CONTEXT(1)); asn1_write_OID(&data, OID_NTLMSSP); asn1_pop_tag(&data); diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c index 09340caccd..8ee5ee3d31 100644 --- a/source3/libsmb/errormap.c +++ b/source3/libsmb/errormap.c @@ -1410,7 +1410,7 @@ static const struct { /***************************************************************************** convert a dos eclas/ecode to a NT status32 code *****************************************************************************/ -NTSTATUS dos_to_ntstatus(int eclass, int ecode) +NTSTATUS dos_to_ntstatus(uint8 eclass, uint32 ecode) { int i; if (eclass == 0 && ecode == 0) return NT_STATUS_OK; diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index b0b3acff8f..8338b34822 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -790,7 +790,7 @@ static void usage(void) /* Set environment variable so we don't recursively call ourselves. This may also be useful interactively. */ - SETENV(WINBINDD_DONT_ENV, "1", 1); + setenv(WINBINDD_DONT_ENV, "1", 1); /* Initialise samba/rpc client stuff */ diff --git a/source3/smbwrapper/smbsh.c b/source3/smbwrapper/smbsh.c index f9697223c4..d853aa1afc 100644 --- a/source3/smbwrapper/smbsh.c +++ b/source3/smbwrapper/smbsh.c @@ -92,7 +92,7 @@ int main(int argc, char *argv[]) smbw_setshared("PASSWORD", p); } - smbw_setenv("PS1", "smbsh$ "); + setenv("PS1", "smbsh$ "); sys_getwd(wd); @@ -101,18 +101,18 @@ int main(int argc, char *argv[]) smbw_setshared(line, wd); slprintf(line,sizeof(line)-1,"%s/smbwrapper.so", libd); - smbw_setenv("LD_PRELOAD", line); + etenv("LD_PRELOAD", line); slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so", libd); if (file_exist(line, NULL)) { slprintf(line,sizeof(line)-1,"%s/smbwrapper.32.so:DEFAULT", libd); - smbw_setenv("_RLD_LIST", line); + setenv("_RLD_LIST", line); slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd); - smbw_setenv("_RLDN32_LIST", line); + setenv("_RLDN32_LIST", line); } else { slprintf(line,sizeof(line)-1,"%s/smbwrapper.so:DEFAULT", libd); - smbw_setenv("_RLD_LIST", line); + setenv("_RLD_LIST", line); } { |