import UBI samba-4.21.3-5.el9_6
This commit is contained in:
		
							parent
							
								
									e22a3a3f04
								
							
						
					
					
						commit
						a5f9e01b56
					
				
							
								
								
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1,2 +1,2 @@ | |||||||
| SOURCES/samba-4.20.2.tar.xz | SOURCES/samba-4.21.3.tar.xz | ||||||
| SOURCES/samba-pubkey_AA99442FB680B620.gpg | SOURCES/samba-pubkey_AA99442FB680B620.gpg | ||||||
|  | |||||||
| @ -1,2 +1,2 @@ | |||||||
| 607bea15c2306b165610ebe3f617f1b29ef7f133 SOURCES/samba-4.20.2.tar.xz | c3c2f51037818ee9e1d24b5b9add13d5f86fdb01 SOURCES/samba-4.21.3.tar.xz | ||||||
| 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg | 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg | ||||||
|  | |||||||
| @ -1,927 +0,0 @@ | |||||||
| From dddbbec2cb10b05a6ec3b4f1fcc877d60a44080a Mon Sep 17 00:00:00 2001 |  | ||||||
| From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org> |  | ||||||
| Date: Thu, 4 Jul 2024 11:08:03 +0200 |  | ||||||
| Subject: [PATCH 1/5] .gitlab-ci-main.yml: Add safe.directory '*' |  | ||||||
| MIME-Version: 1.0 |  | ||||||
| Content-Type: text/plain; charset=UTF-8 |  | ||||||
| Content-Transfer-Encoding: 8bit |  | ||||||
| 
 |  | ||||||
| This is to fix the error when pushing to personal gitlab repo: |  | ||||||
| 
 |  | ||||||
| 2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba' |  | ||||||
| Cloning into '/builds/samba-testbase/master'... |  | ||||||
| fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git' |  | ||||||
| To add an exception for this directory, call: |  | ||||||
| 	git config --global --add safe.directory /builds/pfilipen/samba/.git |  | ||||||
| fatal: Could not read from remote repository. |  | ||||||
| 
 |  | ||||||
| Instead of adding more and more explicit repositories |  | ||||||
| we should just allow any, we're in an isolated environment... |  | ||||||
| 
 |  | ||||||
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660 |  | ||||||
| 
 |  | ||||||
| Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> |  | ||||||
| Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> |  | ||||||
| Signed-off-by: Stefan Metzmacher <metze@samba.org> |  | ||||||
| Reviewed-by: Andreas Schneider <asn@samba.org> |  | ||||||
| 
 |  | ||||||
| Autobuild-User(master): Stefan Metzmacher <metze@samba.org> |  | ||||||
| Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224 |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit 3a21b7d9a4e7e9814d0be8c0ebf72b9821a5dc36) |  | ||||||
| ---
 |  | ||||||
|  .gitlab-ci-main.yml | 3 +-- |  | ||||||
|  1 file changed, 1 insertion(+), 2 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
 |  | ||||||
| index face2103327..08865ca2c42 100644
 |  | ||||||
| --- a/.gitlab-ci-main.yml
 |  | ||||||
| +++ b/.gitlab-ci-main.yml
 |  | ||||||
| @@ -146,8 +146,7 @@ include:
 |  | ||||||
|      - ccache -z -M 500M |  | ||||||
|      - ccache -s |  | ||||||
|        # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI |  | ||||||
| -    - git config --global --add safe.directory `pwd`
 |  | ||||||
| -    - git config --global --add safe.directory /builds/samba-team/devel/samba/.git
 |  | ||||||
| +    - git config --global --add safe.directory '*'
 |  | ||||||
|    after_script: |  | ||||||
|      - mount |  | ||||||
|      - df -h |  | ||||||
| -- 
 |  | ||||||
| 2.49.0 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From 1c69964d34d2cf66532b23ffde76a839a65b0db2 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Andreas Schneider <asn@samba.org> |  | ||||||
| Date: Fri, 12 Jul 2024 14:18:26 +0200 |  | ||||||
| Subject: [PATCH 2/5] s3:printing: Allow to run samba-bgqd as a standalone |  | ||||||
|  systemd service |  | ||||||
| 
 |  | ||||||
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683 |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Andreas Schneider <asn@samba.org> |  | ||||||
| Reviewed-by: Alexander Bokovoy <ab@samba.org> |  | ||||||
| (cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62) |  | ||||||
| 
 |  | ||||||
| Autobuild-User(v4-20-test): Jule Anger <janger@samba.org> |  | ||||||
| Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224 |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit 4cf9af9186d7829f11bd07c7d6e526a51dcf0d61) |  | ||||||
| ---
 |  | ||||||
|  source3/printing/samba-bgqd.c | 8 +++++++- |  | ||||||
|  1 file changed, 7 insertions(+), 1 deletion(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/source3/printing/samba-bgqd.c b/source3/printing/samba-bgqd.c
 |  | ||||||
| index 59ed0cc40db..9560fcf9e35 100644
 |  | ||||||
| --- a/source3/printing/samba-bgqd.c
 |  | ||||||
| +++ b/source3/printing/samba-bgqd.c
 |  | ||||||
| @@ -253,7 +253,9 @@ int main(int argc, const char *argv[])
 |  | ||||||
|  	log_stdout = (debug_get_log_type() == DEBUG_STDOUT); |  | ||||||
|   |  | ||||||
|  	/* main process will notify systemd */ |  | ||||||
| -	daemon_sd_notifications(false);
 |  | ||||||
| +	if (ready_signal_fd != -1 || watch_fd != -1) {
 |  | ||||||
| +		daemon_sd_notifications(false);
 |  | ||||||
| +	}
 |  | ||||||
|   |  | ||||||
|  	if (!cmdline_daemon_cfg->fork) { |  | ||||||
|  		daemon_status(progname, "Starting process ... "); |  | ||||||
| @@ -325,6 +327,10 @@ int main(int argc, const char *argv[])
 |  | ||||||
|  		goto done; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| +	if (!cmdline_daemon_cfg->fork) {
 |  | ||||||
| +		daemon_ready(progname);
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
|  	if (ready_signal_fd != -1) { |  | ||||||
|  		pid_t pid = getpid(); |  | ||||||
|  		ssize_t written; |  | ||||||
| -- 
 |  | ||||||
| 2.49.0 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From 2e7ffc196aa9f241622a32ea002d96ad00799e4d Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Andreas Schneider <asn@samba.org> |  | ||||||
| Date: Mon, 22 Jul 2024 12:26:55 +0200 |  | ||||||
| Subject: [PATCH 3/5] s3:notifyd: Use a watcher per db record |  | ||||||
| MIME-Version: 1.0 |  | ||||||
| Content-Type: text/plain; charset=UTF-8 |  | ||||||
| Content-Transfer-Encoding: 8bit |  | ||||||
| 
 |  | ||||||
| This fixes a O(n²) performance regression in notifyd. The problem was |  | ||||||
| that we had a watcher per notify instance. This changes the code to have |  | ||||||
| a watcher per notify db entry. |  | ||||||
| 
 |  | ||||||
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=14430 |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Andreas Schneider <asn@samba.org> |  | ||||||
| Reviewed-by: Stefan Metzmacher <metze@samba.org> |  | ||||||
| 
 |  | ||||||
| Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> |  | ||||||
| Autobuild-Date(master): Tue Oct  1 14:22:43 UTC 2024 on atb-devel-224 |  | ||||||
| ---
 |  | ||||||
|  source3/smbd/notifyd/notifyd.c         | 214 ++++++++++++++++++------- |  | ||||||
|  source3/smbd/notifyd/notifyd_db.c      |   5 +- |  | ||||||
|  source3/smbd/notifyd/notifyd_entry.c   |  51 ++++-- |  | ||||||
|  source3/smbd/notifyd/notifyd_private.h |  46 ++++-- |  | ||||||
|  4 files changed, 228 insertions(+), 88 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c
 |  | ||||||
| index ca303bd4d51..b368b8390fa 100644
 |  | ||||||
| --- a/source3/smbd/notifyd/notifyd.c
 |  | ||||||
| +++ b/source3/smbd/notifyd/notifyd.c
 |  | ||||||
| @@ -337,6 +337,7 @@ static bool notifyd_apply_rec_change(
 |  | ||||||
|  	struct messaging_context *msg_ctx) |  | ||||||
|  { |  | ||||||
|  	struct db_record *rec = NULL; |  | ||||||
| +	struct notifyd_watcher watcher = {};
 |  | ||||||
|  	struct notifyd_instance *instances = NULL; |  | ||||||
|  	size_t num_instances; |  | ||||||
|  	size_t i; |  | ||||||
| @@ -344,6 +345,7 @@ static bool notifyd_apply_rec_change(
 |  | ||||||
|  	TDB_DATA value; |  | ||||||
|  	NTSTATUS status; |  | ||||||
|  	bool ok = false; |  | ||||||
| +	bool new_watcher = false;
 |  | ||||||
|   |  | ||||||
|  	if (pathlen == 0) { |  | ||||||
|  		DBG_WARNING("pathlen==0\n"); |  | ||||||
| @@ -374,8 +376,12 @@ static bool notifyd_apply_rec_change(
 |  | ||||||
|  	value = dbwrap_record_get_value(rec); |  | ||||||
|   |  | ||||||
|  	if (value.dsize != 0) { |  | ||||||
| -		if (!notifyd_parse_entry(value.dptr, value.dsize, NULL,
 |  | ||||||
| -					 &num_instances)) {
 |  | ||||||
| +		ok = notifyd_parse_entry(value.dptr,
 |  | ||||||
| +					 value.dsize,
 |  | ||||||
| +					 &watcher,
 |  | ||||||
| +					 NULL,
 |  | ||||||
| +					 &num_instances);
 |  | ||||||
| +		if (!ok) {
 |  | ||||||
|  			goto fail; |  | ||||||
|  		} |  | ||||||
|  	} |  | ||||||
| @@ -390,8 +396,22 @@ static bool notifyd_apply_rec_change(
 |  | ||||||
|  		goto fail; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	if (value.dsize != 0) {
 |  | ||||||
| -		memcpy(instances, value.dptr, value.dsize);
 |  | ||||||
| +	if (num_instances > 0) {
 |  | ||||||
| +		struct notifyd_instance *tmp = NULL;
 |  | ||||||
| +		size_t num_tmp = 0;
 |  | ||||||
| +
 |  | ||||||
| +		ok = notifyd_parse_entry(value.dptr,
 |  | ||||||
| +					 value.dsize,
 |  | ||||||
| +					 NULL,
 |  | ||||||
| +					 &tmp,
 |  | ||||||
| +					 &num_tmp);
 |  | ||||||
| +		if (!ok) {
 |  | ||||||
| +			goto fail;
 |  | ||||||
| +		}
 |  | ||||||
| +
 |  | ||||||
| +		memcpy(instances,
 |  | ||||||
| +		       tmp,
 |  | ||||||
| +		       sizeof(struct notifyd_instance) * num_tmp);
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	for (i=0; i<num_instances; i++) { |  | ||||||
| @@ -414,41 +434,106 @@ static bool notifyd_apply_rec_change(
 |  | ||||||
|  		*instance = (struct notifyd_instance) { |  | ||||||
|  			.client = *client, |  | ||||||
|  			.instance = *chg, |  | ||||||
| -			.internal_filter = chg->filter,
 |  | ||||||
| -			.internal_subdir_filter = chg->subdir_filter
 |  | ||||||
|  		}; |  | ||||||
|   |  | ||||||
|  		num_instances += 1; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	if ((instance->instance.filter != 0) ||
 |  | ||||||
| -	    (instance->instance.subdir_filter != 0)) {
 |  | ||||||
| -		int ret;
 |  | ||||||
| +	/*
 |  | ||||||
| +	 * Calculate an intersection of the instances filters for the watcher.
 |  | ||||||
| +	 */
 |  | ||||||
| +	if (instance->instance.filter > 0) {
 |  | ||||||
| +		uint32_t filter = instance->instance.filter;
 |  | ||||||
| +
 |  | ||||||
| +		if ((watcher.filter & filter) != filter) {
 |  | ||||||
| +			watcher.filter |= filter;
 |  | ||||||
| +
 |  | ||||||
| +			new_watcher = true;
 |  | ||||||
| +		}
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	/*
 |  | ||||||
| +	 * Calculate an intersection of the instances subdir_filters for the
 |  | ||||||
| +	 * watcher.
 |  | ||||||
| +	 */
 |  | ||||||
| +	if (instance->instance.subdir_filter > 0) {
 |  | ||||||
| +		uint32_t subdir_filter = instance->instance.subdir_filter;
 |  | ||||||
|   |  | ||||||
| -		TALLOC_FREE(instance->sys_watch);
 |  | ||||||
| +		if ((watcher.subdir_filter & subdir_filter) != subdir_filter) {
 |  | ||||||
| +			watcher.subdir_filter |= subdir_filter;
 |  | ||||||
|   |  | ||||||
| -		ret = sys_notify_watch(entries, sys_notify_ctx, path,
 |  | ||||||
| -				       &instance->internal_filter,
 |  | ||||||
| -				       &instance->internal_subdir_filter,
 |  | ||||||
| -				       notifyd_sys_callback, msg_ctx,
 |  | ||||||
| -				       &instance->sys_watch);
 |  | ||||||
| -		if (ret != 0) {
 |  | ||||||
| -			DBG_WARNING("sys_notify_watch for [%s] returned %s\n",
 |  | ||||||
| -				    path, strerror(errno));
 |  | ||||||
| +			new_watcher = true;
 |  | ||||||
|  		} |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if ((instance->instance.filter == 0) && |  | ||||||
|  	    (instance->instance.subdir_filter == 0)) { |  | ||||||
| +		uint32_t tmp_filter = 0;
 |  | ||||||
| +		uint32_t tmp_subdir_filter = 0;
 |  | ||||||
| +
 |  | ||||||
|  		/* This is a delete request */ |  | ||||||
| -		TALLOC_FREE(instance->sys_watch);
 |  | ||||||
|  		*instance = instances[num_instances-1]; |  | ||||||
|  		num_instances -= 1; |  | ||||||
| +
 |  | ||||||
| +		for (i = 0; i < num_instances; i++) {
 |  | ||||||
| +			struct notifyd_instance *tmp = &instances[i];
 |  | ||||||
| +
 |  | ||||||
| +			tmp_filter |= tmp->instance.filter;
 |  | ||||||
| +			tmp_subdir_filter |= tmp->instance.subdir_filter;
 |  | ||||||
| +		}
 |  | ||||||
| +
 |  | ||||||
| +		/*
 |  | ||||||
| +		 * If the filter has changed, register a new watcher with the
 |  | ||||||
| +		 * changed filter.
 |  | ||||||
| +		 */
 |  | ||||||
| +		if (watcher.filter != tmp_filter ||
 |  | ||||||
| +		    watcher.subdir_filter != tmp_subdir_filter)
 |  | ||||||
| +		{
 |  | ||||||
| +			watcher.filter = tmp_filter;
 |  | ||||||
| +			watcher.subdir_filter = tmp_subdir_filter;
 |  | ||||||
| +
 |  | ||||||
| +			new_watcher = true;
 |  | ||||||
| +		}
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	if (new_watcher) {
 |  | ||||||
| +		/*
 |  | ||||||
| +		 * In case we removed all notify instances, we want to remove
 |  | ||||||
| +		 * the watcher. We won't register a new one, if no filters are
 |  | ||||||
| +		 * set anymore.
 |  | ||||||
| +		 */
 |  | ||||||
| +
 |  | ||||||
| +		TALLOC_FREE(watcher.sys_watch);
 |  | ||||||
| +
 |  | ||||||
| +		watcher.sys_filter = watcher.filter;
 |  | ||||||
| +		watcher.sys_subdir_filter = watcher.subdir_filter;
 |  | ||||||
| +
 |  | ||||||
| +		/*
 |  | ||||||
| +		 * Only register a watcher if we have filter.
 |  | ||||||
| +		 */
 |  | ||||||
| +		if (watcher.filter != 0 || watcher.subdir_filter != 0) {
 |  | ||||||
| +			int ret = sys_notify_watch(entries,
 |  | ||||||
| +						   sys_notify_ctx,
 |  | ||||||
| +						   path,
 |  | ||||||
| +						   &watcher.sys_filter,
 |  | ||||||
| +						   &watcher.sys_subdir_filter,
 |  | ||||||
| +						   notifyd_sys_callback,
 |  | ||||||
| +						   msg_ctx,
 |  | ||||||
| +						   &watcher.sys_watch);
 |  | ||||||
| +			if (ret != 0) {
 |  | ||||||
| +				DBG_WARNING("sys_notify_watch for [%s] "
 |  | ||||||
| +					    "returned %s\n",
 |  | ||||||
| +					    path,
 |  | ||||||
| +					    strerror(errno));
 |  | ||||||
| +			}
 |  | ||||||
| +		}
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	DBG_DEBUG("%s has %zu instances\n", path, num_instances); |  | ||||||
|   |  | ||||||
|  	if (num_instances == 0) { |  | ||||||
| +		TALLOC_FREE(watcher.sys_watch);
 |  | ||||||
| +
 |  | ||||||
|  		status = dbwrap_record_delete(rec); |  | ||||||
|  		if (!NT_STATUS_IS_OK(status)) { |  | ||||||
|  			DBG_WARNING("dbwrap_record_delete returned %s\n", |  | ||||||
| @@ -456,13 +541,21 @@ static bool notifyd_apply_rec_change(
 |  | ||||||
|  			goto fail; |  | ||||||
|  		} |  | ||||||
|  	} else { |  | ||||||
| -		value = make_tdb_data(
 |  | ||||||
| -			(uint8_t *)instances,
 |  | ||||||
| -			sizeof(struct notifyd_instance) * num_instances);
 |  | ||||||
| +		struct TDB_DATA iov[2] = {
 |  | ||||||
| +			{
 |  | ||||||
| +				.dptr = (uint8_t *)&watcher,
 |  | ||||||
| +				.dsize = sizeof(struct notifyd_watcher),
 |  | ||||||
| +			},
 |  | ||||||
| +			{
 |  | ||||||
| +				.dptr = (uint8_t *)instances,
 |  | ||||||
| +				.dsize = sizeof(struct notifyd_instance) *
 |  | ||||||
| +					 num_instances,
 |  | ||||||
| +			},
 |  | ||||||
| +		};
 |  | ||||||
|   |  | ||||||
| -		status = dbwrap_record_store(rec, value, 0);
 |  | ||||||
| +		status = dbwrap_record_storev(rec, iov, ARRAY_SIZE(iov), 0);
 |  | ||||||
|  		if (!NT_STATUS_IS_OK(status)) { |  | ||||||
| -			DBG_WARNING("dbwrap_record_store returned %s\n",
 |  | ||||||
| +			DBG_WARNING("dbwrap_record_storev returned %s\n",
 |  | ||||||
|  				    nt_errstr(status)); |  | ||||||
|  			goto fail; |  | ||||||
|  		} |  | ||||||
| @@ -706,12 +799,18 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data,
 |  | ||||||
|  					.when = tstate->msg->when }; |  | ||||||
|  	struct iovec iov[2]; |  | ||||||
|  	size_t path_len = key.dsize; |  | ||||||
| +	struct notifyd_watcher watcher = {};
 |  | ||||||
|  	struct notifyd_instance *instances = NULL; |  | ||||||
|  	size_t num_instances = 0; |  | ||||||
|  	size_t i; |  | ||||||
| +	bool ok;
 |  | ||||||
|   |  | ||||||
| -	if (!notifyd_parse_entry(data.dptr, data.dsize, &instances,
 |  | ||||||
| -				 &num_instances)) {
 |  | ||||||
| +	ok = notifyd_parse_entry(data.dptr,
 |  | ||||||
| +				 data.dsize,
 |  | ||||||
| +				 &watcher,
 |  | ||||||
| +				 &instances,
 |  | ||||||
| +				 &num_instances);
 |  | ||||||
| +	if (!ok) {
 |  | ||||||
|  		DBG_DEBUG("Could not parse notifyd_entry\n"); |  | ||||||
|  		return; |  | ||||||
|  	} |  | ||||||
| @@ -734,9 +833,11 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data,
 |  | ||||||
|   |  | ||||||
|  		if (tstate->covered_by_sys_notify) { |  | ||||||
|  			if (tstate->recursive) { |  | ||||||
| -				i_filter = instance->internal_subdir_filter;
 |  | ||||||
| +				i_filter = watcher.sys_subdir_filter &
 |  | ||||||
| +					   instance->instance.subdir_filter;
 |  | ||||||
|  			} else { |  | ||||||
| -				i_filter = instance->internal_filter;
 |  | ||||||
| +				i_filter = watcher.sys_filter &
 |  | ||||||
| +					   instance->instance.filter;
 |  | ||||||
|  			} |  | ||||||
|  		} else { |  | ||||||
|  			if (tstate->recursive) { |  | ||||||
| @@ -1142,46 +1243,39 @@ static int notifyd_add_proxy_syswatches(struct db_record *rec,
 |  | ||||||
|  	struct db_context *db = dbwrap_record_get_db(rec); |  | ||||||
|  	TDB_DATA key = dbwrap_record_get_key(rec); |  | ||||||
|  	TDB_DATA value = dbwrap_record_get_value(rec); |  | ||||||
| -	struct notifyd_instance *instances = NULL;
 |  | ||||||
| -	size_t num_instances = 0;
 |  | ||||||
| -	size_t i;
 |  | ||||||
| +	struct notifyd_watcher watcher = {};
 |  | ||||||
|  	char path[key.dsize+1]; |  | ||||||
|  	bool ok; |  | ||||||
| +	int ret;
 |  | ||||||
|   |  | ||||||
|  	memcpy(path, key.dptr, key.dsize); |  | ||||||
|  	path[key.dsize] = '\0'; |  | ||||||
|   |  | ||||||
| -	ok = notifyd_parse_entry(value.dptr, value.dsize, &instances,
 |  | ||||||
| -				 &num_instances);
 |  | ||||||
| +	/* This is a remote database, we just need the watcher. */
 |  | ||||||
| +	ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL);
 |  | ||||||
|  	if (!ok) { |  | ||||||
|  		DBG_WARNING("Could not parse notifyd entry for %s\n", path); |  | ||||||
|  		return 0; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	for (i=0; i<num_instances; i++) {
 |  | ||||||
| -		struct notifyd_instance *instance = &instances[i];
 |  | ||||||
| -		uint32_t filter = instance->instance.filter;
 |  | ||||||
| -		uint32_t subdir_filter = instance->instance.subdir_filter;
 |  | ||||||
| -		int ret;
 |  | ||||||
| +	watcher.sys_watch = NULL;
 |  | ||||||
| +	watcher.sys_filter = watcher.filter;
 |  | ||||||
| +	watcher.sys_subdir_filter = watcher.subdir_filter;
 |  | ||||||
|   |  | ||||||
| -		/*
 |  | ||||||
| -		 * This is a remote database. Pointers that we were
 |  | ||||||
| -		 * given don't make sense locally. Initialize to NULL
 |  | ||||||
| -		 * in case sys_notify_watch fails.
 |  | ||||||
| -		 */
 |  | ||||||
| -		instances[i].sys_watch = NULL;
 |  | ||||||
| -
 |  | ||||||
| -		ret = state->sys_notify_watch(
 |  | ||||||
| -			db, state->sys_notify_ctx, path,
 |  | ||||||
| -			&filter, &subdir_filter,
 |  | ||||||
| -			notifyd_sys_callback, state->msg_ctx,
 |  | ||||||
| -			&instance->sys_watch);
 |  | ||||||
| -		if (ret != 0) {
 |  | ||||||
| -			DBG_WARNING("inotify_watch returned %s\n",
 |  | ||||||
| -				    strerror(errno));
 |  | ||||||
| -		}
 |  | ||||||
| +	ret = state->sys_notify_watch(db,
 |  | ||||||
| +				      state->sys_notify_ctx,
 |  | ||||||
| +				      path,
 |  | ||||||
| +				      &watcher.filter,
 |  | ||||||
| +				      &watcher.subdir_filter,
 |  | ||||||
| +				      notifyd_sys_callback,
 |  | ||||||
| +				      state->msg_ctx,
 |  | ||||||
| +				      &watcher.sys_watch);
 |  | ||||||
| +	if (ret != 0) {
 |  | ||||||
| +		DBG_WARNING("inotify_watch returned %s\n", strerror(errno));
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| +	memcpy(value.dptr, &watcher, sizeof(struct notifyd_watcher));
 |  | ||||||
| +
 |  | ||||||
|  	return 0; |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| @@ -1189,21 +1283,17 @@ static int notifyd_db_del_syswatches(struct db_record *rec, void *private_data)
 |  | ||||||
|  { |  | ||||||
|  	TDB_DATA key = dbwrap_record_get_key(rec); |  | ||||||
|  	TDB_DATA value = dbwrap_record_get_value(rec); |  | ||||||
| -	struct notifyd_instance *instances = NULL;
 |  | ||||||
| -	size_t num_instances = 0;
 |  | ||||||
| -	size_t i;
 |  | ||||||
| +	struct notifyd_watcher watcher = {};
 |  | ||||||
|  	bool ok; |  | ||||||
|   |  | ||||||
| -	ok = notifyd_parse_entry(value.dptr, value.dsize, &instances,
 |  | ||||||
| -				 &num_instances);
 |  | ||||||
| +	ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL);
 |  | ||||||
|  	if (!ok) { |  | ||||||
|  		DBG_WARNING("Could not parse notifyd entry for %.*s\n", |  | ||||||
|  			    (int)key.dsize, (char *)key.dptr); |  | ||||||
|  		return 0; |  | ||||||
|  	} |  | ||||||
| -	for (i=0; i<num_instances; i++) {
 |  | ||||||
| -		TALLOC_FREE(instances[i].sys_watch);
 |  | ||||||
| -	}
 |  | ||||||
| +	TALLOC_FREE(watcher.sys_watch);
 |  | ||||||
| +
 |  | ||||||
|  	return 0; |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| diff --git a/source3/smbd/notifyd/notifyd_db.c b/source3/smbd/notifyd/notifyd_db.c
 |  | ||||||
| index 18228619e9a..7dc3cd58081 100644
 |  | ||||||
| --- a/source3/smbd/notifyd/notifyd_db.c
 |  | ||||||
| +++ b/source3/smbd/notifyd/notifyd_db.c
 |  | ||||||
| @@ -40,7 +40,10 @@ static bool notifyd_parse_db_parser(TDB_DATA key, TDB_DATA value,
 |  | ||||||
|  	memcpy(path, key.dptr, key.dsize); |  | ||||||
|  	path[key.dsize] = 0; |  | ||||||
|   |  | ||||||
| -	ok = notifyd_parse_entry(value.dptr, value.dsize, &instances,
 |  | ||||||
| +	ok = notifyd_parse_entry(value.dptr,
 |  | ||||||
| +				 value.dsize,
 |  | ||||||
| +				 NULL,
 |  | ||||||
| +				 &instances,
 |  | ||||||
|  				 &num_instances); |  | ||||||
|  	if (!ok) { |  | ||||||
|  		DBG_DEBUG("Could not parse entry for path %s\n", path); |  | ||||||
| diff --git a/source3/smbd/notifyd/notifyd_entry.c b/source3/smbd/notifyd/notifyd_entry.c
 |  | ||||||
| index 539010de03a..f3b0e908136 100644
 |  | ||||||
| --- a/source3/smbd/notifyd/notifyd_entry.c
 |  | ||||||
| +++ b/source3/smbd/notifyd/notifyd_entry.c
 |  | ||||||
| @@ -21,22 +21,51 @@
 |  | ||||||
|   * Parse an entry in the notifyd_context->entries database |  | ||||||
|   */ |  | ||||||
|   |  | ||||||
| -bool notifyd_parse_entry(
 |  | ||||||
| -	uint8_t *buf,
 |  | ||||||
| -	size_t buflen,
 |  | ||||||
| -	struct notifyd_instance **instances,
 |  | ||||||
| -	size_t *num_instances)
 |  | ||||||
| +/**
 |  | ||||||
| + * @brief Parse a notifyd database entry.
 |  | ||||||
| + *
 |  | ||||||
| + * The memory we pass down needs to be aligned. If it isn't aligned we can run
 |  | ||||||
| + * into obscure errors as we just point into the data buffer.
 |  | ||||||
| + *
 |  | ||||||
| + * @param data The data to parse
 |  | ||||||
| + * @param data_len The length of the data to parse
 |  | ||||||
| + * @param watcher A pointer to store the watcher data or NULL.
 |  | ||||||
| + * @param instances A pointer to store the array of notify instances or NULL.
 |  | ||||||
| + * @param pnum_instances The number of elements in the array. If you just want
 |  | ||||||
| + * the number of elements pass NULL for the watcher and instances pointers.
 |  | ||||||
| + *
 |  | ||||||
| + * @return true on success, false if an error occurred.
 |  | ||||||
| + */
 |  | ||||||
| +bool notifyd_parse_entry(uint8_t *data,
 |  | ||||||
| +			 size_t data_len,
 |  | ||||||
| +			 struct notifyd_watcher *watcher,
 |  | ||||||
| +			 struct notifyd_instance **instances,
 |  | ||||||
| +			 size_t *pnum_instances)
 |  | ||||||
|  { |  | ||||||
| -	if ((buflen % sizeof(struct notifyd_instance)) != 0) {
 |  | ||||||
| -		DBG_WARNING("invalid buffer size: %zu\n", buflen);
 |  | ||||||
| +	size_t ilen;
 |  | ||||||
| +
 |  | ||||||
| +	if (data_len < sizeof(struct notifyd_watcher)) {
 |  | ||||||
|  		return false; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	if (instances != NULL) {
 |  | ||||||
| -		*instances = (struct notifyd_instance *)buf;
 |  | ||||||
| +	if (watcher != NULL) {
 |  | ||||||
| +		*watcher = *((struct notifyd_watcher *)(uintptr_t)data);
 |  | ||||||
|  	} |  | ||||||
| -	if (num_instances != NULL) {
 |  | ||||||
| -		*num_instances = buflen / sizeof(struct notifyd_instance);
 |  | ||||||
| +
 |  | ||||||
| +	ilen = data_len - sizeof(struct notifyd_watcher);
 |  | ||||||
| +	if ((ilen % sizeof(struct notifyd_instance)) != 0) {
 |  | ||||||
| +		return false;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
| +	if (pnum_instances != NULL) {
 |  | ||||||
| +		*pnum_instances = ilen / sizeof(struct notifyd_instance);
 |  | ||||||
|  	} |  | ||||||
| +	if (instances != NULL) {
 |  | ||||||
| +		/* The (uintptr_t) cast removes a warning from -Wcast-align. */
 |  | ||||||
| +		*instances =
 |  | ||||||
| +			(struct notifyd_instance *)(uintptr_t)
 |  | ||||||
| +				(data + sizeof(struct notifyd_watcher));
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
|  	return true; |  | ||||||
|  } |  | ||||||
| diff --git a/source3/smbd/notifyd/notifyd_private.h b/source3/smbd/notifyd/notifyd_private.h
 |  | ||||||
| index 36c08f47c54..db8e6e1c005 100644
 |  | ||||||
| --- a/source3/smbd/notifyd/notifyd_private.h
 |  | ||||||
| +++ b/source3/smbd/notifyd/notifyd_private.h
 |  | ||||||
| @@ -20,30 +20,48 @@
 |  | ||||||
|  #include "lib/util/server_id.h" |  | ||||||
|  #include "notifyd.h" |  | ||||||
|   |  | ||||||
| +
 |  | ||||||
|  /* |  | ||||||
| - * notifyd's representation of a notify instance
 |  | ||||||
| + * Representation of a watcher for a path
 |  | ||||||
| + *
 |  | ||||||
| + * This will be stored in the db.
 |  | ||||||
|   */ |  | ||||||
| -struct notifyd_instance {
 |  | ||||||
| -	struct server_id client;
 |  | ||||||
| -	struct notify_instance instance;
 |  | ||||||
| -
 |  | ||||||
| -	void *sys_watch; /* inotify/fam/etc handle */
 |  | ||||||
| +struct notifyd_watcher {
 |  | ||||||
| +	/*
 |  | ||||||
| +	 * This is an intersections of the filter the watcher is listening for.
 |  | ||||||
| +	 */
 |  | ||||||
| +	uint32_t filter;
 |  | ||||||
| +	uint32_t subdir_filter;
 |  | ||||||
|   |  | ||||||
|  	/* |  | ||||||
| -	 * Filters after sys_watch took responsibility of some bits
 |  | ||||||
| +	 * Those are inout variables passed to the sys_watcher. The sys_watcher
 |  | ||||||
| +	 * will remove the bits it can't handle.
 |  | ||||||
|  	 */ |  | ||||||
| -	uint32_t internal_filter;
 |  | ||||||
| -	uint32_t internal_subdir_filter;
 |  | ||||||
| +	uint32_t sys_filter;
 |  | ||||||
| +	uint32_t sys_subdir_filter;
 |  | ||||||
| +
 |  | ||||||
| +	/* The handle for inotify/fam etc. */
 |  | ||||||
| +	void *sys_watch;
 |  | ||||||
| +};
 |  | ||||||
| +
 |  | ||||||
| +/*
 |  | ||||||
| + * Representation of a notifyd instance
 |  | ||||||
| + *
 |  | ||||||
| + * This will be stored in the db.
 |  | ||||||
| + */
 |  | ||||||
| +struct notifyd_instance {
 |  | ||||||
| +	struct server_id client;
 |  | ||||||
| +	struct notify_instance instance;
 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  /* |  | ||||||
|   * Parse an entry in the notifyd_context->entries database |  | ||||||
|   */ |  | ||||||
|   |  | ||||||
| -bool notifyd_parse_entry(
 |  | ||||||
| -	uint8_t *buf,
 |  | ||||||
| -	size_t buflen,
 |  | ||||||
| -	struct notifyd_instance **instances,
 |  | ||||||
| -	size_t *num_instances);
 |  | ||||||
| +bool notifyd_parse_entry(uint8_t *data,
 |  | ||||||
| +			 size_t data_len,
 |  | ||||||
| +			 struct notifyd_watcher *watcher,
 |  | ||||||
| +			 struct notifyd_instance **instances,
 |  | ||||||
| +			 size_t *num_instances);
 |  | ||||||
|   |  | ||||||
|  #endif |  | ||||||
| -- 
 |  | ||||||
| 2.49.0 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From 908674e5cef83c2ad9f2073a8fd362007b8a55f4 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Jeremy Allison <jra@samba.org> |  | ||||||
| Date: Wed, 15 Jan 2025 10:21:19 -0800 |  | ||||||
| Subject: [PATCH 4/5] auth: Add missing talloc_free() in error code path. |  | ||||||
| MIME-Version: 1.0 |  | ||||||
| Content-Type: text/plain; charset=UTF-8 |  | ||||||
| Content-Transfer-Encoding: 8bit |  | ||||||
| 
 |  | ||||||
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=15782 |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Jeremy Allison <jra@samba.org> |  | ||||||
| Reviewed-by: Guenther Deschner <gd@samba.org> |  | ||||||
| 
 |  | ||||||
| Autobuild-User(master): Günther Deschner <gd@samba.org> |  | ||||||
| Autobuild-Date(master): Thu Jan 16 14:32:39 UTC 2025 on atb-devel-224 |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit c514ce8dcadcbbf0d86f3038d2be0f9253a76b75) |  | ||||||
| ---
 |  | ||||||
|  auth/kerberos/kerberos_pac.c | 1 + |  | ||||||
|  1 file changed, 1 insertion(+) |  | ||||||
| 
 |  | ||||||
| diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
 |  | ||||||
| index b6272ac15eb..1f7d3e7ef26 100644
 |  | ||||||
| --- a/auth/kerberos/kerberos_pac.c
 |  | ||||||
| +++ b/auth/kerberos/kerberos_pac.c
 |  | ||||||
| @@ -360,6 +360,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		if (ret) { |  | ||||||
|  			DEBUG(5, ("PAC Decode: Failed to verify the service " |  | ||||||
|  				  "signature: %s\n", error_message(ret))); |  | ||||||
| +			talloc_free(tmp_ctx);
 |  | ||||||
|  			return NT_STATUS_ACCESS_DENIED; |  | ||||||
|  		} |  | ||||||
|   |  | ||||||
| -- 
 |  | ||||||
| 2.49.0 |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| From 761dbf898d92e00385e3516b487d5c4bdd761f23 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Jeremy Allison <jra@samba.org> |  | ||||||
| Date: Thu, 16 Jan 2025 16:12:31 -0800 |  | ||||||
| Subject: [PATCH 5/5] auth: Cleanup exit code paths in kerberos_decode_pac(). |  | ||||||
| MIME-Version: 1.0 |  | ||||||
| Content-Type: text/plain; charset=UTF-8 |  | ||||||
| Content-Transfer-Encoding: 8bit |  | ||||||
| 
 |  | ||||||
| One more memory leak missed and now fixed. tmp_ctx |  | ||||||
| must be freed once the pac data is talloc_move'd. |  | ||||||
| 
 |  | ||||||
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=15782 |  | ||||||
| 
 |  | ||||||
| Signed-off-by: Jeremy Allison <jra@samba.org> |  | ||||||
| Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> |  | ||||||
| Reviewed-by: Christian Ambach <ambi@samba.org> |  | ||||||
| Reviewed-by: Guenther Deschner <gd@samba.org> |  | ||||||
| 
 |  | ||||||
| Autobuild-User(master): Günther Deschner <gd@samba.org> |  | ||||||
| Autobuild-Date(master): Fri Jan 17 12:01:47 UTC 2025 on atb-devel-224 |  | ||||||
| 
 |  | ||||||
| (cherry picked from commit f9eb0b248da0689c82656f3e482161c45749afb6) |  | ||||||
| ---
 |  | ||||||
|  auth/kerberos/kerberos_pac.c | 88 ++++++++++++++++++------------------ |  | ||||||
|  1 file changed, 43 insertions(+), 45 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
 |  | ||||||
| index 1f7d3e7ef26..4c61cfe838f 100644
 |  | ||||||
| --- a/auth/kerberos/kerberos_pac.c
 |  | ||||||
| +++ b/auth/kerberos/kerberos_pac.c
 |  | ||||||
| @@ -137,7 +137,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  			     time_t tgs_authtime, |  | ||||||
|  			     struct PAC_DATA **pac_data_out) |  | ||||||
|  { |  | ||||||
| -	NTSTATUS status;
 |  | ||||||
| +	NTSTATUS status = NT_STATUS_NO_MEMORY;
 |  | ||||||
|  	enum ndr_err_code ndr_err; |  | ||||||
|  	krb5_error_code ret; |  | ||||||
|  	DATA_BLOB modified_pac_blob; |  | ||||||
| @@ -173,8 +173,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  	kdc_sig_wipe = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); |  | ||||||
|  	srv_sig_wipe = talloc(tmp_ctx, struct PAC_SIGNATURE_DATA); |  | ||||||
|  	if (!pac_data_raw || !pac_data || !kdc_sig_wipe || !srv_sig_wipe) { |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_NO_MEMORY;
 |  | ||||||
| +		status = NT_STATUS_NO_MEMORY;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	ndr_err = ndr_pull_struct_blob(&pac_data_blob, pac_data, pac_data, |  | ||||||
| @@ -183,15 +183,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't parse the PAC: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (pac_data->num_buffers < 4) { |  | ||||||
|  		/* we need logon_info, service_key and kdc_key */ |  | ||||||
|  		DEBUG(0,("less than 4 PAC buffers\n")); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	ndr_err = ndr_pull_struct_blob( |  | ||||||
| @@ -201,15 +200,14 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't parse the PAC: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (pac_data_raw->num_buffers < 4) { |  | ||||||
|  		/* we need logon_info, service_key and kdc_key */ |  | ||||||
|  		DEBUG(0,("less than 4 PAC buffers\n")); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (pac_data->num_buffers != pac_data_raw->num_buffers) { |  | ||||||
| @@ -217,8 +215,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		DEBUG(0, ("misparse! PAC_DATA has %d buffers while " |  | ||||||
|  			  "PAC_DATA_RAW has %d\n", pac_data->num_buffers, |  | ||||||
|  			  pac_data_raw->num_buffers)); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	for (i=0; i < pac_data->num_buffers; i++) { |  | ||||||
| @@ -229,8 +227,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  			DEBUG(0, ("misparse! PAC_DATA buffer %d has type " |  | ||||||
|  				  "%d while PAC_DATA_RAW has %d\n", i, |  | ||||||
|  				  data_buf->type, raw_buf->type)); |  | ||||||
| -			talloc_free(tmp_ctx);
 |  | ||||||
| -			return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +			status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +			goto out;
 |  | ||||||
|  		} |  | ||||||
|  		switch (data_buf->type) { |  | ||||||
|  		case PAC_TYPE_LOGON_INFO: |  | ||||||
| @@ -263,26 +261,26 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|   |  | ||||||
|  	if (!logon_info) { |  | ||||||
|  		DEBUG(0,("PAC no logon_info\n")); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (!logon_name) { |  | ||||||
|  		DEBUG(0,("PAC no logon_name\n")); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (!srv_sig_ptr || !srv_sig_blob) { |  | ||||||
|  		DEBUG(0,("PAC no srv_key\n")); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (!kdc_sig_ptr || !kdc_sig_blob) { |  | ||||||
|  		DEBUG(0,("PAC no kdc_key\n")); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	/* Find and zero out the signatures, |  | ||||||
| @@ -297,8 +295,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't parse the KDC signature: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	ndr_err = ndr_pull_struct_blob( |  | ||||||
| @@ -308,8 +305,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't parse the SRV signature: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	/* Now zero the decoded structure */ |  | ||||||
| @@ -326,8 +322,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't repack the KDC signature: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|  	ndr_err = ndr_push_struct_blob( |  | ||||||
|  			srv_sig_blob, pac_data_raw, srv_sig_wipe, |  | ||||||
| @@ -336,8 +331,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't repack the SRV signature: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	/* push out the whole structure, but now with zero'ed signatures */ |  | ||||||
| @@ -348,8 +342,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		status = ndr_map_error2ntstatus(ndr_err); |  | ||||||
|  		DEBUG(0,("can't repack the RAW PAC: %s\n", |  | ||||||
|  			nt_errstr(status))); |  | ||||||
| -		talloc_free(tmp_ctx);
 |  | ||||||
| -		return status;
 |  | ||||||
| +		goto out;
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (service_keyblock) { |  | ||||||
| @@ -360,8 +353,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		if (ret) { |  | ||||||
|  			DEBUG(5, ("PAC Decode: Failed to verify the service " |  | ||||||
|  				  "signature: %s\n", error_message(ret))); |  | ||||||
| -			talloc_free(tmp_ctx);
 |  | ||||||
| -			return NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +			status = NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +			goto out;
 |  | ||||||
|  		} |  | ||||||
|   |  | ||||||
|  		if (krbtgt_keyblock) { |  | ||||||
| @@ -371,8 +364,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  			if (ret) { |  | ||||||
|  				DEBUG(1, ("PAC Decode: Failed to verify the KDC signature: %s\n", |  | ||||||
|  					  smb_get_krb5_error_message(context, ret, tmp_ctx))); |  | ||||||
| -				talloc_free(tmp_ctx);
 |  | ||||||
| -				return NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +				status = NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +				goto out;
 |  | ||||||
|  			} |  | ||||||
|  		} |  | ||||||
|  	} |  | ||||||
| @@ -388,8 +381,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  				  nt_time_string(tmp_ctx, logon_name->logon_time))); |  | ||||||
|  			DEBUG(2, ("PAC Decode: Ticket: %s\n", |  | ||||||
|  				  nt_time_string(tmp_ctx, tgs_authtime_nttime))); |  | ||||||
| -			talloc_free(tmp_ctx);
 |  | ||||||
| -			return NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +			status = NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +			goto out;
 |  | ||||||
|  		} |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| @@ -401,8 +394,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  		if (ret) { |  | ||||||
|  			DEBUG(2, ("Could not unparse name from ticket to match with name from PAC: [%s]:%s\n", |  | ||||||
|  				  logon_name->account_name, error_message(ret))); |  | ||||||
| -			talloc_free(tmp_ctx);
 |  | ||||||
| -			return NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +			status = NT_STATUS_INVALID_PARAMETER;
 |  | ||||||
| +			goto out;
 |  | ||||||
|  		} |  | ||||||
|   |  | ||||||
|  		bool_ret = strcmp(client_principal_string, logon_name->account_name) == 0; |  | ||||||
| @@ -413,8 +406,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  				  logon_name->account_name, |  | ||||||
|  				  client_principal_string)); |  | ||||||
|  			SAFE_FREE(client_principal_string); |  | ||||||
| -			talloc_free(tmp_ctx);
 |  | ||||||
| -			return NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +			status = NT_STATUS_ACCESS_DENIED;
 |  | ||||||
| +			goto out;
 |  | ||||||
|  		} |  | ||||||
|  		SAFE_FREE(client_principal_string); |  | ||||||
|   |  | ||||||
| @@ -435,10 +428,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (pac_data_out) { |  | ||||||
| -		*pac_data_out = talloc_steal(mem_ctx, pac_data);
 |  | ||||||
| +		*pac_data_out = talloc_move(mem_ctx, &pac_data);
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	return NT_STATUS_OK;
 |  | ||||||
| +	status = NT_STATUS_OK;
 |  | ||||||
| +
 |  | ||||||
| +    out:
 |  | ||||||
| +
 |  | ||||||
| +	TALLOC_FREE(tmp_ctx);
 |  | ||||||
| +	return status;
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, |  | ||||||
| -- 
 |  | ||||||
| 2.49.0 |  | ||||||
| 
 |  | ||||||
							
								
								
									
										6211
									
								
								SOURCES/redhat-4.21.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6211
									
								
								SOURCES/redhat-4.21.patch
									
									
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @ -1,16 +0,0 @@ | |||||||
| -----BEGIN PGP SIGNATURE----- |  | ||||||
| 
 |  | ||||||
| iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmZy684ACgkQqplEL7aA |  | ||||||
| tiDXDw/+KleJ11LLq5ZlXMlj11niRCETErY8cuoZ9VX04lfRwRBnplpKKLSQuFit |  | ||||||
| 5HeY5ED65DhbpGzPfLPx7xOw4wyFc/bXhHPTgF3Ybj8TKkEcaMmkpD3V8FPa4NAt |  | ||||||
| vNZ3alLQLP//kgRXnqeV9pfa4slx17G6WeBLbpd8b4SbgPMgokJt7hL3nWfBrFE9 |  | ||||||
| p6B+TKZcwfoCn9ufz1UxMpBFtpSK0yF0S7CQcdv3JrBNIYhULuXbnAnLCHcH1RqW |  | ||||||
| xreoxZPnMx+SrYb0iHyKbkMsDujCqBKm9CyS13Yt9DjI49lv0pBwQFnaqtR4Xm/D |  | ||||||
| BU2XIWLLInUecxtUOBtsa046h55fLQPgkb+WYob++iA9r91y4JAZIiAxdVrNLsxR |  | ||||||
| BiFUxkL7EPtyptT84xNjpQ3CTZuw8tlHu/sJ1/XHRUFMtRGjiMqJp7ULsVQDfwET |  | ||||||
| 7T+HHrVHNstddb9A6WfM8qSItoMfGUlYyzTQ2d3OmrbGRnB0qf+zg9DI+vXv5Itx |  | ||||||
| M23we8ljSadCnc/kqz3Z6gefI538WWDnbXIljRqDxuzwaSXhMd4heG+xIAAO0Of5 |  | ||||||
| ziyCVQ/n8gnyXQmC82Xlebc3mYki8UoyYWdbVNJZAOEo/LuBql1OkjOhkhMcBDmr |  | ||||||
| qvD6f+0+MA4nydmVhI/q/pmo7nAUD3SAxmRKrVTwjpjcAnZ4IGw= |  | ||||||
| =CGiK |  | ||||||
| -----END PGP SIGNATURE----- |  | ||||||
							
								
								
									
										16
									
								
								SOURCES/samba-4.21.3.tar.asc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										16
									
								
								SOURCES/samba-4.21.3.tar.asc
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,16 @@ | |||||||
|  | -----BEGIN PGP SIGNATURE----- | ||||||
|  | 
 | ||||||
|  | iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmd796YACgkQqplEL7aA | ||||||
|  | tiAdpA/9EodazpG4Vo534WW3aKiBxEWt0LzGjDZ6GUbTpCRIJE+a/a36rxbAgHFH | ||||||
|  | Mpc9mVnCI6/UWv1plnsLwNG4RnC/o0tDrw2ttvIX/ZEiWEPWU38sgfZ+vlwX1r2B | ||||||
|  | 3Hi7Uym4br0SmPwrep5kPfjnE396ftlnC6YMHXZ+tg3i6y8m6msr8rEB8ejLx7RF | ||||||
|  | qXtJ/YO4HK2DrE51l/Ziyav9FwBgVoE9Sl0oXwLoUX5lhWh6qNe8Qz+bd0s36x1e | ||||||
|  | 5w+ocSNuD2ph5uO1W+pmdOJyMgq8QFchOwxdHi454nRrelp7Kwtb2ARBHrFwoQ+V | ||||||
|  | kinQlufJ0sb59imso65Tl3EGuuV61CUQgGx9Ln9/wBMXdiPDNhi/H+ikH2AeVzpz | ||||||
|  | DFuL9WEU/HYT4thCKlNox5T8s90/95vT5MlN2q/CJhFjIti6mb7iM9uxatGFzUBI | ||||||
|  | A3OxPRc9IbORTEPYxLzsuPrxo+bcFXg0Go8SoNa4W3NYIehMDqnuWOOnC/ixleta | ||||||
|  | ig635ivxl5owC1CC/GzilBnJ/Tq4bzbZOrYDeYCYa5FkXv9EaTIT9JQcRr0LJcDS | ||||||
|  | Z43RoD9g9tG6tIea0XyAaPkfVillfnf70vcuelxycl3bhhuvSZUQ+8cqQ0vuUg1V | ||||||
|  | pcclEjCcgIecIR9r2zSv5S5EldS7hQ6t5pCC5KcJKyeq+LLaj5s= | ||||||
|  | =DkSu | ||||||
|  | -----END PGP SIGNATURE----- | ||||||
							
								
								
									
										1446
									
								
								SPECS/samba.spec
									
									
									
									
									
								
							
							
						
						
									
										1446
									
								
								SPECS/samba.spec
									
									
									
									
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
		Loading…
	
		Reference in New Issue
	
	Block a user