Changeset 597 for vendor/current/source3/lib

Timestamp:

Jul 2, 2011, 4:01:14 PM (14 years ago)

Author:

Herwig Bauernfeind

Message:

Samba 3.5: Update vendor to version 3.5.9

Location:

vendor/current/source3/lib

Files:

• access.c (modified) (2 diffs)
• charcnv.c (modified) (8 diffs)
• system_smbd.c (modified) (3 diffs)
• util.c (modified) (2 diffs)
• util_seaccess.c (modified) (3 diffs)
• util_sock.c (modified) (3 diffs)
• util_str.c (modified) (2 diffs)

vendor/current/source3/lib/access.c

@@ -179 +179 @@
 {
         const char **client = (const char **)item;
+        const char *tok_addr = tok;
+        const char *cli_addr = client[ADDR_INDEX];
+
+        /*
+         * tok and client[ADDR_INDEX] can be an IPv4 mapped to IPv6,
+         * we try and match the IPv4 part of address only.
+         * Bug #5311 and #7383.
+         */
+
+        if (strnequal(tok_addr, "::ffff:",7)) {
+                tok_addr += 7;
+        }
+
+        if (strnequal(cli_addr,"::ffff:",7)) {
+                cli_addr += 7;
+        }
 
         /*
@@ -185 +201 @@
          */
 
-        if (string_match(tok, client[ADDR_INDEX])) {
-                return true;
-        }
-
-        if (strnequal(client[ADDR_INDEX],"::ffff:",7) &&
-                        !strnequal(tok, "::ffff:",7)) {
-                /* client[ADDR_INDEX] is an IPv4 mapped to IPv6, but
-                 * the list item is not. Try and match the IPv4 part of
-                 * address only. This will happen a lot on IPv6 enabled
-                 * systems with IPv4 allow/deny lists in smb.conf.
-                 * Bug #5311. JRA.
-                 */
-                if (string_match(tok, (client[ADDR_INDEX])+7)) {
-                        return true;
-                }
+        if (string_match(tok_addr, cli_addr)) {
+                return true;
         }
 

vendor/current/source3/lib/charcnv.c

@@ -574 +574 @@
                 return false;
         }
+
         if (srclen == 0) {
-                ob = talloc_strdup(ctx, "");
+                /* We really should treat this as an error, but
+                   there are too many callers that need this to
+                   return a NULL terminated string in the correct
+                   character set. */
+                if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+                        destlen = 2;
+                } else {
+                        destlen = 1;
+                }
+                ob = talloc_zero_array(ctx, char, destlen);
                 if (ob == NULL) {
                         errno = ENOMEM;
                         return false;
                 }
+                *converted_size = destlen;
                 *dest = ob;
-                *converted_size = 0;
                 return true;
         }
@@ -678 +688 @@
         ob[destlen+1] = '\0';
 
+        /* Ensure we can never return a *converted_size of zero. */
+        if (destlen == 0) {
+                /* This can happen from a bad iconv "use_as_is:" call. */
+                if (to == CH_UTF16LE|| to == CH_UTF16BE || to == CH_UTF16MUNGED) {
+                        destlen = 2;
+                } else {
+                        destlen = 1;
+                }
+        }
+
         *converted_size = destlen;
         return true;
@@ -1343 +1363 @@
 {
         size_t ret;
+        size_t ucs2_align_len = 0;
 
         if (dest_len == (size_t)-1) {
@@ -1360 +1381 @@
                 if (src_len != (size_t)-1)
                         src_len--;
+                ucs2_align_len = 1;
         }
 
@@ -1395 +1417 @@
         }
 
-        return src_len;
+        return src_len + ucs2_align_len;
 }
 
@@ -1421 +1443 @@
         char *dest;
         size_t dest_len;
+        size_t ucs2_align_len = 0;
 
         *ppdest = NULL;
@@ -1439 +1462 @@
                 if (src_len != (size_t)-1)
                         src_len--;
+                ucs2_align_len = 1;
         }
 
@@ -1504 +1528 @@
 
         *ppdest = dest;
-        return src_len;
+        return src_len + ucs2_align_len;
 }
 

vendor/current/source3/lib/system_smbd.c

@@ -28 +28 @@
 #ifndef HAVE_GETGROUPLIST
 
+#ifdef HAVE_GETGRSET
+static int getgrouplist_getgrset(const char *user, gid_t gid, gid_t *groups,
+                                 int *grpcnt)
+{
+        char *grplist;
+        char *grp;
+        gid_t temp_gid;
+        int num_gids = 1;
+        int ret = 0;
+        long l;
+
+        grplist = getgrset(user);
+
+        DEBUG(10, ("getgrset returned %s\n", grplist));
+
+        if (grplist == NULL) {
+                return -1;
+        }
+
+        if (*grpcnt > 0) {
+                groups[0] = gid;
+        }
+
+        while ((grp = strsep(&grplist, ",")) != NULL) {
+                l = strtol(grp, NULL, 10);
+                temp_gid = (gid_t) l;
+                if (temp_gid == gid) {
+                        continue;
+                }
+
+                if (num_gids + 1 > *grpcnt) {
+                        num_gids++;
+                        continue;
+                }
+                groups[num_gids++] = temp_gid;
+        }
+        free(grplist);
+
+        if (num_gids > *grpcnt) {
+                ret = -1;
+        }
+        *grpcnt = num_gids;
+
+        DEBUG(10, ("Found %d groups for user %s\n", *grpcnt, user));
+
+        return ret;
+}
+
+#else /* HAVE_GETGRSET */
+
 /*
   This is a *much* faster way of getting the list of groups for a user
@@ -113 +163 @@
         return ret;
 }
-#endif
+#endif /* HAVE_GETGRSET */
+#endif /* HAVE_GETGROUPLIST */
 
 static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
@@ -131 +182 @@
         retval = getgrouplist(user, gid, groups, grpcnt);
 #else
+#ifdef HAVE_GETGRSET
+        retval = getgrouplist_getgrset(user, gid, groups, grpcnt);
+#else
         become_root();
         retval = getgrouplist_internals(user, gid, groups, grpcnt);
         unbecome_root();
-#endif
+#endif /* HAVE_GETGRSET */
+#endif /* HAVE_GETGROUPLIST */
 
         /* allow winbindd lookups, but only if they were not already disabled */

vendor/current/source3/lib/util.c

@@ -1313 +1313 @@
                                         strlen(user_name), &nis_result,
                                         &nis_result_len)) == 0) {
+                if (nis_result_len > 0 && nis_result[nis_result_len] == '\n') {
+                        nis_result[nis_result_len] = '\0';
+                }
                 value = talloc_strdup(ctx, nis_result);
                 if (!value) {
@@ -1998 +2001 @@
 int str_checksum(const char *s)
 {
-        int res = 0;
-        int c;
-        int i=0;
-
-        while(*s) {
-                c = *s;
-                res ^= (c << (i % 15)) ^ (c >> (15-(i%15)));
-                s++;
-                i++;
-        }
-        return(res);
+        TDB_DATA key = string_tdb_data(s);
+        return jenkins_hash(&key);
 }
 

vendor/current/source3/lib/util_seaccess.c

@@ -113 +113 @@
 
         if (is_sid_in_token(token, sd->owner_sid)) {
-                granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL | SEC_STD_DELETE;
-        } else if (user_has_privileges(token, &se_restore)) {
-                granted |= SEC_STD_DELETE;
+                granted |= SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
         }
 
@@ -172 +170 @@
                 access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED;
                 *access_granted = access_desired;
-                bits_remaining = access_desired & ~SEC_STD_DELETE;
+                bits_remaining = access_desired;
 
                 DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n",
@@ -188 +186 @@
         }
 
+        /* the owner always gets SEC_STD_WRITE_DAC and SEC_STD_READ_CONTROL */
+        if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL)) &&
+            is_sid_in_token(token, sd->owner_sid)) {
+                bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL);
+        }
+        if ((bits_remaining & SEC_STD_DELETE) &&
+            user_has_privileges(token, &se_restore)) {
+                bits_remaining &= ~SEC_STD_DELETE;
+        }
+
         /* a NULL dacl allows access */
         if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
                 *access_granted = access_desired;
                 return NT_STATUS_OK;
-        }
-
-        /* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
-        if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
-            is_sid_in_token(token, sd->owner_sid)) {
-                bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
-        }
-        if ((bits_remaining & SEC_STD_DELETE) &&
-            user_has_privileges(token, &se_restore)) {
-                bits_remaining &= ~SEC_STD_DELETE;
         }
 

vendor/current/source3/lib/util_sock.c

@@ -1840 +1840 @@
 
 /************************************************************
+ Is this my ip address ?
+************************************************************/
+
+static bool is_my_ipaddr(const char *ipaddr_str)
+{
+        struct sockaddr_storage ss;
+        struct iface_struct *nics;
+        int i, n;
+
+        if (!interpret_string_addr(&ss, ipaddr_str, AI_NUMERICHOST)) {
+                return false;
+        }
+
+        if (ismyaddr((struct sockaddr *)&ss)) {
+                return true;
+        }
+
+        if (is_zero_addr((struct sockaddr *)&ss) ||
+                is_loopback_addr((struct sockaddr *)&ss)) {
+                return false;
+        }
+
+        n = get_interfaces(talloc_tos(), &nics);
+        for (i=0; i<n; i++) {
+                if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) {
+                        TALLOC_FREE(nics);
+                        return true;
+                }
+        }
+        TALLOC_FREE(nics);
+        return false;
+}
+
+/************************************************************
  Is this my name ?
 ************************************************************/
@@ -1846 +1880 @@
 {
         TALLOC_CTX *ctx = talloc_tos();
-        char addr[INET6_ADDRSTRLEN];
         char *name = NULL;
         const char *dnsname;
@@ -1894 +1927 @@
         }
 
-        /* Handle possible CNAME records - convert to an IP addr. */
+        /* Handle possible CNAME records - convert to an IP addr. list. */
         if (!is_ipaddress(servername)) {
-                /* Use DNS to resolve the name, but only the first address */
-                struct sockaddr_storage ss;
-                if (interpret_string_addr(&ss, servername, 0)) {
+                /* Use DNS to resolve the name, check all addresses. */
+                struct addrinfo *p = NULL;
+                struct addrinfo *res = NULL;
+
+                if (!interpret_string_addr_internal(&res,
+                                servername,
+                                AI_ADDRCONFIG)) {
+                        return false;
+                }
+
+                for (p = res; p; p = p->ai_next) {
+                        char addr[INET6_ADDRSTRLEN];
+                        struct sockaddr_storage ss;
+
+                        ZERO_STRUCT(ss);
+                        memcpy(&ss, p->ai_addr, p->ai_addrlen);
                         print_sockaddr(addr,
                                         sizeof(addr),
                                         &ss);
-                        servername = addr;
-                }
+                        if (is_my_ipaddr(addr)) {
+                                freeaddrinfo(res);
+                                return true;
+                        }
+                }
+                freeaddrinfo(res);
         }
 
         /* Maybe its an IP address? */
         if (is_ipaddress(servername)) {
-                struct sockaddr_storage ss;
-                struct iface_struct *nics;
-                int i, n;
-
-                if (!interpret_string_addr(&ss, servername, AI_NUMERICHOST)) {
-                        return false;
-                }
-
-                if (ismyaddr((struct sockaddr *)&ss)) {
-                        return true;
-                }
-
-                if (is_zero_addr((struct sockaddr *)&ss) || 
-                        is_loopback_addr((struct sockaddr *)&ss)) {
-                        return false;
-                }
-
-                n = get_interfaces(talloc_tos(), &nics);
-                for (i=0; i<n; i++) {
-                        if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) {
-                                TALLOC_FREE(nics);
-                                return true;
-                        }
-                }
-                TALLOC_FREE(nics);
+                return is_my_ipaddr(servername);
         }
 

vendor/current/source3/lib/util_str.c

@@ -587 +587 @@
  zero. Strips out all but 'a-Z0-9' and the character in other_safe_chars
  and replaces with '_'. Deliberately does *NOT* check for multibyte
- characters. Don't change it !
+ characters. Treats src as an array of bytes, not as a multibyte
+ string. Any byte >0x7f is automatically converted to '_'.
+ other_safe_chars must also contain an ascii string (bytes<0x7f).
 **/
 
@@ -623 +625 @@
         for(i = 0; i < len; i++) {
                 int val = (src[i] & 0xff);
-                if (isupper_ascii(val) || islower_ascii(val) ||
-                                isdigit(val) || strchr_m(other_safe_chars, val))
+                if (val > 0x7f) {
+                        dest[i] = '_';
+                        continue;
+                }
+                if (isupper(val) || islower(val) ||
+                                isdigit(val) || strchr(other_safe_chars, val))
                         dest[i] = src[i];
                 else