Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-23 19:25:25 +03:00
Code Issues Wiki Activity

main/samba: upgrade to 4.21.3

Browse source
This commit is contained in:
Noel Kuntze 2025-01-30 02:54:10 +01:00 committed by Natanael Copa
parent be8a7c5d33
commit 9a54a70d94
6 changed files with 1789 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

210
main/samba/APKBUILD
View file

@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=samba
pkgver=4.20.6
pkgrel=1
pkgver=4.21.3
pkgrel=0
pkgdesc="Tools to access a server's filespace and printers via SMB"
url="https://www.samba.org/"
arch="all"
@ -13,6 +13,9 @@ subpackages="
$pkgname-server-openrc
libwbclient
$pkgname-util-libs:_util_libs
ldb
ldb-tools:_ldb_tools
py3-ldb:_py3_ldb
$pkgname-common:_common:noarch
$pkgname-common-tools:_common_tools
@ -62,19 +65,18 @@ makedepends="
icu-dev
iniparser-dev
jansson-dev
ldb-dev
libarchive-dev
libcap-dev
libtirpc-dev
liburing-dev
linux-pam-dev
lmdb-dev
musl-nscd-dev
ncurses-dev
openldap-dev
perl
perl-parse-yapp
popt-dev
py3-ldb
py3-tdb
py3-tevent
python3-dev
@ -97,8 +99,13 @@ makedepends="
# "
source="
https://download.samba.org/pub/samba/stable/samba-$pkgver.tar.gz
disable-compile-error-test.patch
ldb-tests.patch
musl_uintptr.patch
default-config.patch
s3-notifyd.patch
pycrypt.patch
smbreadline.patch
$pkgname.initd
$pkgname.confd
@ -212,7 +219,7 @@ build() {
local _vfs_modules=vfs_dfs_samba4
# pclose, ..
export CFLAGS="$CFLAGS -O2 -D_BSD_SOURCE -flto=auto"
export CFLAGS="$CFLAGS -O2 -flto=auto"
./configure \
--prefix=/usr \
--sysconfdir=/etc/$pkgname \
@ -229,7 +236,8 @@ build() {
--with-shared-modules=$_idmap_modules,$_pdb_modules,$_auth_modules,$_vfs_modules \
--enable-cups \
--without-gettext \
--bundled-libraries=!talloc,!pytalloc,!pytalloc-util,!tdb,!pytdb,!ldb,!pyldb,!pyldb-util,!tevent,!pytevent,!popt \
--private-libraries=!ldb \
--bundled-libraries=!talloc,!pytalloc,!pytalloc-util,!tdb,!pytdb,!tevent,!pytevent,!popt \
--disable-rpath-install \
--without-gpgme \
--disable-fault-handling
@ -277,16 +285,30 @@ _common() {
# samba-libs-py3 is an attempt to avoid libpython dependency for libsmbclient
_libs_py3() {
pkgdesc="Libraries that require libpython"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
py3-ldb=$pkgver-r$pkgrel
"
amove \
usr/lib/$pkgname/libsamba-net*private-samba.so \
usr/lib/$pkgname/libsamba-python*private-samba.so
usr/lib/$pkgname/libsamba-python*private-samba.so \
usr/lib/$pkgname/libpyldb-util*private-samba.so
}
# may depend on samba-common-server-libs but not samba-server-libs
_common_tools() {
pkgdesc="Tools for Samba servers and clients"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove \
usr/bin/net \
usr/bin/pdbedit \
@ -302,7 +324,12 @@ _common_tools() {
# should not depend on client libs
_common_server_libs() {
pkgdesc="Samba libraries shared by common-tools and servers" # not shared with clients
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
"
amove \
usr/lib/libdcerpc-server-core.so.* \
usr/lib/libnetapi.so.* \
@ -316,7 +343,10 @@ _common_server_libs() {
libsmbclient() {
pkgdesc="The SMB client library"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
"
amove \
usr/lib/libsmbclient.so.*
}
@ -324,7 +354,12 @@ libsmbclient() {
# should only depend on samba-util-libs, libwbclient and samba-libs
_client_libs() {
pkgdesc="Samba libraries used by clients"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
"
amove \
usr/lib/$pkgname/libad-claims-private-samba.so \
usr/lib/$pkgname/libauthn-policy-util-private-samba.so \
@ -345,8 +380,13 @@ _client_libs() {
client() {
pkgdesc="Samba client programs"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libsmbclient=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove \
usr/bin/cifsdd \
@ -378,7 +418,10 @@ client() {
# should not pull in samba-client-libs
_server_libs() {
pkgdesc="Samba libraries shared by server and windbind"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
"
amove \
usr/lib/$pkgname/libdcerpc-samba4-private-samba.so \
usr/lib/$pkgname/libidmap-private-samba.so \
@ -389,8 +432,13 @@ _server_libs() {
winbind() {
pkgdesc="Samba user and group resolver"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-common=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-server-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
"
install="winbind.pre-install winbind.pre-upgrade winbind.post-install
winbind.post-upgrade"
@ -419,6 +467,55 @@ _util_libs() {
usr/lib/$pkgname/libstable-sort-private-samba.so
}
# ldb is provided as a separate library for dependant packages such as sssd
ldb() {
pkgdesc="Schema-less, ldap like, API and database"
depends="$pkgname-util-libs=$pkgver-r$pkgrel"
amove \
usr/lib/libldb.so.* \
usr/lib/$pkgname/libldb-key-value-private-samba.so \
usr/lib/$pkgname/libldb-tdb-err-map-private-samba.so \
usr/lib/$pkgname/libldb-tdb-int-private-samba.so \
usr/lib/$pkgname/ldb/asq.so \
usr/lib/$pkgname/ldb/ldb.so \
usr/lib/$pkgname/ldb/paged_searches.so \
usr/lib/$pkgname/ldb/rdn_name.so \
usr/lib/$pkgname/ldb/sample.so \
usr/lib/$pkgname/ldb/server_sort.so \
usr/lib/$pkgname/ldb/skel.so \
usr/lib/$pkgname/ldb/tdb.so
# only on 64 bit hosts
if [ -e "$pkgdir/usr/lib/$pkgname/libldb-mdb-int-private-samba.so" ]; then
amove usr/lib/$pkgname/libldb-mdb-int-private-samba.so
fi
if [ -e "$pkgdir/usr/lib/$pkgname/ldb/mdb.so" ]; then
amove usr/lib/$pkgname/ldb/mdb.so
fi
}
_ldb_tools() {
pkgdesc="Tools to manage LDB files"
depends="ldb=$pkgver-r$pkgrel"
amove \
usr/bin/ldbadd \
usr/bin/ldbdel \
usr/bin/ldbedit \
usr/bin/ldbmodify \
usr/bin/ldbrename \
usr/bin/ldbsearch \
usr/lib/$pkgname/libldb-cmdline-private-samba.so
}
_py3_ldb() {
pkgdesc="Python 3 binding for the ldb library"
depends="ldb=$pkgver-r$pkgrel"
amove \
usr/lib/python3*/site-packages/_ldb_text.py \
usr/lib/python3*/site-packages/ldb.*
}
# should only depend on samba-util-libs
libwbclient() {
pkgdesc="Samba winbind client libraries"
@ -428,7 +525,11 @@ libwbclient() {
_winbind_clients() {
pkgdesc="Samba winbind client tools"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove \
usr/bin/ntlm_auth \
usr/bin/wbinfo
@ -444,7 +545,11 @@ _libnss_winbind() {
_winbind_krb5_locator() {
pkgdesc="Samba winbind krb5 locator"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove \
usr/lib/samba/krb5
}
@ -459,10 +564,17 @@ _pam_winbind() {
dc() {
pkgdesc="Samba AD Domain Controller"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-common-tools=$pkgver-r$pkgrel
$pkgname-dc-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-server=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
$pkgname-winbind=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
py3-$pkgname=$pkgver-r$pkgrel
$_dc_deps
"
@ -479,7 +591,15 @@ dc() {
_dc_libs() {
pkgdesc="Samba AD Domain Controller libraries"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-server-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove \
usr/lib/libdcerpc-samr.so.* \
usr/lib/libdcerpc-server.so.* \
@ -507,8 +627,13 @@ _dc_libs() {
server() {
pkgdesc="Samba server"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
acl
"
amove \
@ -539,7 +664,14 @@ pidl() {
_py3() {
pkgdesc="Samba python libraries"
depends="
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-dc-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-libs-py3=$pkgver-r$pkgrel
$pkgname-server-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
py3-tdb
"
mkdir -p "$subpkgdir"/usr/lib
@ -548,7 +680,20 @@ _py3() {
_test() {
pkgdesc="Samba server and client testing tools"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-client-libs=$pkgver-r$pkgrel
$pkgname-common-server-libs=$pkgver-r$pkgrel
$pkgname-dc=$pkgver-r$pkgrel
$pkgname-dc-libs=$pkgver-r$pkgrel
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-libs-py3=$pkgver-r$pkgrel
$pkgname-server-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libauth-$pkgname=$pkgver-r$pkgrel
libsmbclient=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove \
usr/bin/gentest \
usr/bin/locktest \
@ -562,16 +707,21 @@ _test() {
# avoid samba-libs and libsmbclient depending on pam
_libauth() {
pkgdesc="Samba auth library shared by common-tools, server and clients"
depends="$pkgname-libs=$pkgver-r$pkgrel"
depends="
$pkgname-libs=$pkgver-r$pkgrel
$pkgname-util-libs=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
amove usr/lib/$pkgname/libauth-private-samba.so
}
# should only depend on samba-util-libs and libwbclient
# should only depend on samba-util-libs, ldb and libwbclient
libs() {
pkgdesc="Samba core libraries shared by common-tools, server and clients"
depends="
$pkgname-util-libs=$pkgver-r$pkgrel
ldb=$pkgver-r$pkgrel
libwbclient=$pkgver-r$pkgrel
"
# heimdal libs
@ -639,7 +789,7 @@ libs() {
usr/lib/$pkgname/libtalloc-report-printf-private-samba.so \
usr/lib/$pkgname/libtalloc-report-private-samba.so \
usr/lib/$pkgname/libtdb-wrap-private-samba.so \
usr/lib/$pkgname/libtrusts-util-private-samba.so \
usr/lib/$pkgname/libutil-crypt-private-samba.so \
usr/lib/$pkgname/libutil-reg-private-samba.so \
usr/lib/$pkgname/libutil-setid-private-samba.so \
usr/lib/$pkgname/libutil-tdb-private-samba.so \
@ -666,10 +816,20 @@ libs() {
fi
}
depends_dev() {
provides="ldb-dev"
amove usr/include/$pkgname
}
sha512sums="
3cc45a9391ea9f8522e45bd6429109d118297e0da2fbd7d86f2625516b5ef5b2dc8d22173b9bd763ea97f754467766cc123eab28b56f9b62c1a14a078ac71e14 samba-4.20.6.tar.gz
b030e4a9749742bfa31b6ef03a3327f1b77b8db388a2d1d591bc8cf26db365ac773c1aa1f2710e7c94585685cdba6c0769af7ba0e0175db33e9d2552c97601ae samba-4.21.3.tar.gz
ef26ef5d6e45c40e8752739cc5a7968a4b9371bb17a7b76fd69cde0b163956a70c893a482c72dc17ab1dd55b695f229b9250195cdca8cd50f75ba02d48058cb5 disable-compile-error-test.patch
102469afc438985809543bf906655ddcbdb059455ab9dca301f7a2254f4740adfde4f8eed69c6b7a18a080b622d0a317cd34ef13d49d772543848ec605263fab ldb-tests.patch
b7906d66fe55a980a54161ee3f311b51bcbce76b8d4c8cc1ba6d0c5bdf98232cb192b9d2c1aa7b3e2742f5b9848c6cf429347940eefe66c3e0eda1d5aac1bf93 musl_uintptr.patch
14666954aec4a0bc7a6730ba3a9afdbd4e27c083a038d9a1f5a033e4f0a42bc8408906612ea51f74bf743ff8a225242e54b0a518367fe526b110639bfbfdd071 default-config.patch
a07aaf2520e8f3f8938913c38ebfe3a518048f2d1b95413edbb194b071af678b5dd3853c4443f3ada1ad7f6f5ccef51cc634adce24f41476ed423795a47e2499 s3-notifyd.patch
c4bc1ea224f14028f5034eb28cc41b8a2a491dd9f20fc5e97836c65e8c4d8fd88be286fe5de94cbf54c125879c807d2414d02246ec4ca6207bdd5fd719b55443 pycrypt.patch
1a0bb3c0c022d3aa2e843bd38066cd149448495e20247327d70d69231a79c7490729e86350e00c79c7e2d2f62464c133237117013edd117afac35dcdd9f3f2ba smbreadline.patch
fdd31d53cd96bf4f67f74abd770493d04f6330f31654ad445e69f4c445b97e211db30049ddf51591e3ab733c4b62bef3436725da89c566c5d8e17e1b26b1fb19 samba.initd
e5a4022aad21be7ad6bd067d60dd7bf447ae7191aecdd4081ccf5f08565ee5e13f592777749bc460773a20a830ef59c47faa322c55253b6ce4160f8285f74c46 samba.confd
ec6b47d452c53cdac973d0bdd926e5c07a4f8dafb04033ec1e778de8c2ca34525cd494cc00cf87492058a5fad014473abf37e9f6f3399bba165dfb67fcba877b samba.logrotate

21
main/samba/disable-compile-error-test.patch Normal file
View file

@ -0,0 +1,21 @@
--- a/lib/ldb/tests/ldb_match_test.c
+++ b/lib/ldb/tests/ldb_match_test.c
@@ -32,6 +32,8 @@
* This allows test applications to use custom definitions of C standard
* library functions and types.
*/
+// disabled on alpine
+#if 0
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
@@ -189,3 +191,9 @@
return cmocka_run_group_tests(tests, NULL, NULL);
}
+#else
+int main(int argc, const char **argv)
+{
+ return 0;
+}
+#endif

13
main/samba/ldb-tests.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/lib/ldb/tests/test_ldb_comparison_fold.c b/lib/ldb/tests/test_ldb_comparison_fold.c
index 601cfe6..4fbb455 100644
--- a/lib/ldb/tests/test_ldb_comparison_fold.c
+++ b/lib/ldb/tests/test_ldb_comparison_fold.c
@@ -52,7 +52,7 @@ struct ranked_value {
int rank;
};
-#define STR_VAL(s, r) { { discard_const(s), sizeof(s) - 1 }, r}
+#define STR_VAL(s, r) { { s, sizeof(s) - 1 }, r}
static const struct ranked_value values_common[] = {
STR_VAL("", 0),

945
main/samba/pycrypt.patch Normal file
View file

@ -0,0 +1,945 @@
From 07fe7b437c695c7a715418d4414c930b72758dab Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 5 Dec 2024 16:35:51 +1300
Subject: [PATCH 01/11] util: add a crypt wrapper, derived from
dsdb:password_hash
This is going to be used by the dsdb password_hash module, and exposed
to Python via pyglue.
We're doing this because Python 3.13 has dropped crypt from the Python
standard library.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(backported from commit 833455c7f9f71583d567e3a53e854567cd8c3b0b,
Signed-off-by added)
---
lib/util/util_crypt.c | 90 ++++++++++++++++++++++++++++++++++++++++++
lib/util/util_crypt.h | 5 +++
lib/util/wscript_build | 6 +++
3 files changed, 101 insertions(+)
create mode 100644 lib/util/util_crypt.c
create mode 100644 lib/util/util_crypt.h
diff --git a/lib/util/util_crypt.c b/lib/util/util_crypt.c
new file mode 100644
index 00000000000..0f7b2d0fd31
--- /dev/null
+++ b/lib/util/util_crypt.c
@@ -0,0 +1,90 @@
+#include <replace.h>
+#include "data_blob.h"
+#include <talloc.h>
+#include <crypt.h>
+#include "util_crypt.h"
+
+
+static int crypt_as_best_we_can(const char *phrase,
+ const char *setting,
+ const char **hashp)
+{
+ int ret = 0;
+ const char *hash = NULL;
+
+#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT_RN)
+ struct crypt_data crypt_data = {
+ .initialized = 0 /* working storage used by crypt */
+ };
+#endif
+
+ /*
+ * crypt_r() and crypt() may return a null pointer upon error
+ * depending on how libcrypt was configured, so we prefer
+ * crypt_rn() from libcrypt / libxcrypt which always returns
+ * NULL on error.
+ *
+ * POSIX specifies returning a null pointer and setting
+ * errno.
+ *
+ * RHEL 7 (which does not use libcrypt / libxcrypt) returns a
+ * non-NULL pointer from crypt_r() on success but (always?)
+ * sets errno during internal processing in the NSS crypto
+ * subsystem.
+ *
+ * By preferring crypt_rn we avoid the 'return non-NULL but
+ * set-errno' that we otherwise cannot tell apart from the
+ * RHEL 7 behaviour.
+ */
+ errno = 0;
+
+#ifdef HAVE_CRYPT_RN
+ hash = crypt_rn(phrase, setting,
+ &crypt_data,
+ sizeof(crypt_data));
+#elif HAVE_CRYPT_R
+ hash = crypt_r(phrase, setting, &crypt_data);
+#else
+ /*
+ * No crypt_r falling back to crypt, which is NOT thread safe
+ * Thread safety MT-Unsafe race:crypt
+ */
+ hash = crypt(phrase, setting);
+#endif
+ /*
+ * On error, crypt() and crypt_r() may return a null pointer,
+ * or a pointer to an invalid hash beginning with a '*'.
+ */
+ ret = errno;
+ errno = 0;
+ if (hash == NULL || hash[0] == '*') {
+ if (ret == 0) {
+ /* this is annoying */
+ ret = ENOTRECOVERABLE;
+ }
+ }
+
+ *hashp = hash;
+ return ret;
+}
+
+
+int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
+ const char *phrase,
+ const char *setting,
+ DATA_BLOB *blob)
+{
+ const char *hash = NULL;
+ int ret = crypt_as_best_we_can(phrase, setting, &hash);
+ if (ret != 0) {
+ blob->data = NULL;
+ blob->length = 0;
+ return ret;
+ }
+ blob->length = strlen(hash);
+ blob->data = talloc_memdup(mem_ctx, hash, blob->length);
+ if (blob->data == NULL) {
+ return ENOMEM;
+ }
+ return 0;
+}
diff --git a/lib/util/util_crypt.h b/lib/util/util_crypt.h
new file mode 100644
index 00000000000..8c289e489e8
--- /dev/null
+++ b/lib/util/util_crypt.h
@@ -0,0 +1,5 @@
+
+int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
+ const char *phrase,
+ const char *cmd,
+ DATA_BLOB *blob);
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index b4fcfeaba07..7de9c0b7b17 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -253,6 +253,12 @@ else:
private_library=True,
local_include=False)
+ bld.SAMBA_LIBRARY('util_crypt',
+ source='util_crypt.c',
+ deps='talloc crypt',
+ private_library=True,
+ local_include=False)
+
bld.SAMBA_SUBSYSTEM('UNIX_PRIVS',
source='unix_privs.c',
--
2.48.1
From adf180613e4172292090d4c3573a439388a09788 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 11 Dec 2024 14:29:21 +1300
Subject: [PATCH 02/11] dsdb:password_hash: move hash_blob allocation up
This will make the next patch simpler.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1edb12f79593d0b2aac36d5acdaaae6f495772f6)
---
source4/dsdb/samdb/ldb_modules/password_hash.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 1d1267624e2..c1902126a72 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1649,6 +1649,13 @@ static int setup_primary_userPassword_hash(
}
}
+ hash_blob = talloc_zero(ctx, DATA_BLOB);
+
+ if (hash_blob == NULL) {
+ TALLOC_FREE(frame);
+ return ldb_oom(ldb);
+ }
+
/*
* Relies on the assertion that cleartext_utf8->data is a zero
* terminated UTF-8 string
@@ -1712,15 +1719,10 @@ static int setup_primary_userPassword_hash(
scheme,
reason);
TALLOC_FREE(frame);
+ TALLOC_FREE(hash_blob);
return LDB_ERR_OPERATIONS_ERROR;
}
- hash_blob = talloc_zero(ctx, DATA_BLOB);
-
- if (hash_blob == NULL) {
- TALLOC_FREE(frame);
- return ldb_oom(ldb);
- }
*hash_blob = data_blob_talloc(hash_blob,
(const uint8_t *)hash,
--
2.48.1
From 9d43e4d649db23549bbb230ed60426fa286b7ab7 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 12 Dec 2024 11:16:22 +1300
Subject: [PATCH 03/11] dsdb:password_hash: use talloc_crypt_blob()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c7597380b479208e33a403211cec9b3c7bd3f034)
---
.../dsdb/samdb/ldb_modules/password_hash.c | 68 ++++---------------
.../samdb/ldb_modules/wscript_build_server | 2 +-
2 files changed, 13 insertions(+), 57 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index c1902126a72..7a7114c1caa 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -51,6 +51,7 @@
#include "auth/common_auth.h"
#include "lib/messaging/messaging.h"
#include "lib/param/loadparm.h"
+#include "lib/util/util_crypt.h"
#include "lib/crypto/gnutls_helpers.h"
#include <gnutls/crypto.h>
@@ -1592,16 +1593,11 @@ static int setup_primary_userPassword_hash(
struct ldb_context *ldb = ldb_module_get_ctx(io->ac->module);
const char *salt = NULL; /* Randomly generated salt */
const char *cmd = NULL; /* command passed to crypt */
- const char *hash = NULL; /* password hash generated by crypt */
int algorithm = 0; /* crypt hash algorithm number */
int rounds = 0; /* The number of hash rounds */
+ int ret;
DATA_BLOB *hash_blob = NULL;
TALLOC_CTX *frame = talloc_stackframe();
-#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT_RN)
- struct crypt_data crypt_data = {
- .initialized = 0 /* working storage used by crypt */
- };
-#endif
/* Generate a random password salt */
salt = generate_random_str_list(frame,
@@ -1660,52 +1656,20 @@ static int setup_primary_userPassword_hash(
* Relies on the assertion that cleartext_utf8->data is a zero
* terminated UTF-8 string
*/
-
- /*
- * crypt_r() and crypt() may return a null pointer upon error
- * depending on how libcrypt was configured, so we prefer
- * crypt_rn() from libcrypt / libxcrypt which always returns
- * NULL on error.
- *
- * POSIX specifies returning a null pointer and setting
- * errno.
- *
- * RHEL 7 (which does not use libcrypt / libxcrypt) returns a
- * non-NULL pointer from crypt_r() on success but (always?)
- * sets errno during internal processing in the NSS crypto
- * subsystem.
- *
- * By preferring crypt_rn we avoid the 'return non-NULL but
- * set-errno' that we otherwise cannot tell apart from the
- * RHEL 7 behaviour.
- */
- errno = 0;
-
-#ifdef HAVE_CRYPT_RN
- hash = crypt_rn((char *)io->n.cleartext_utf8->data,
- cmd,
- &crypt_data,
- sizeof(crypt_data));
-#elif HAVE_CRYPT_R
- hash = crypt_r((char *)io->n.cleartext_utf8->data, cmd, &crypt_data);
-#else
- /*
- * No crypt_r falling back to crypt, which is NOT thread safe
- * Thread safety MT-Unsafe race:crypt
- */
- hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
-#endif
- /*
- * On error, crypt() and crypt_r() may return a null pointer,
- * or a pointer to an invalid hash beginning with a '*'.
- */
- if (hash == NULL || hash[0] == '*') {
+ ret = talloc_crypt_blob(hash_blob,
+ (char *)io->n.cleartext_utf8->data,
+ cmd,
+ hash_blob);
+ if (ret != 0) {
char buf[1024];
const char *reason = NULL;
- if (errno == ERANGE) {
+ if (ret == ERANGE) {
reason = "Password exceeds maximum length allowed for crypt() hashing";
+ } else if (ret == ENOTRECOVERABLE) {
+ /* probably weird RHEL7 crypt, see talloc_crypt_blob() */
+ reason = "Unknown error";
} else {
- int err = strerror_r(errno, buf, sizeof(buf));
+ int err = strerror_r(ret, buf, sizeof(buf));
if (err == 0) {
reason = buf;
} else {
@@ -1723,14 +1687,6 @@ static int setup_primary_userPassword_hash(
return LDB_ERR_OPERATIONS_ERROR;
}
-
- *hash_blob = data_blob_talloc(hash_blob,
- (const uint8_t *)hash,
- strlen(hash));
- if (hash_blob->data == NULL) {
- TALLOC_FREE(frame);
- return ldb_oom(ldb);
- }
hash_value->value = hash_blob;
TALLOC_FREE(frame);
return LDB_SUCCESS;
diff --git a/source4/dsdb/samdb/ldb_modules/wscript_build_server b/source4/dsdb/samdb/ldb_modules/wscript_build_server
index 9c1eb12a7c2..16d9b31a982 100644
--- a/source4/dsdb/samdb/ldb_modules/wscript_build_server
+++ b/source4/dsdb/samdb/ldb_modules/wscript_build_server
@@ -195,7 +195,7 @@ bld.SAMBA_MODULE('ldb_password_hash',
init_function='ldb_password_hash_module_init',
module_init_name='ldb_init_module',
internal_module=False,
- deps='talloc samdb LIBCLI_AUTH NDR_DRSBLOBS authkrb5 krb5 gpgme DSDB_MODULE_HELPERS crypt db-glue'
+ deps='talloc samdb LIBCLI_AUTH NDR_DRSBLOBS authkrb5 krb5 gpgme DSDB_MODULE_HELPERS util_crypt db-glue'
)
--
2.48.1
From 1c94645881bd5130c67bfee96aa463f360df300a Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 11 Dec 2024 14:30:04 +1300
Subject: [PATCH 04/11] util: add a crypt strerror helper
This will be used by Python also.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5f365e71c1fa8cdc533159283a5977164b5d39f2)
---
lib/util/util_crypt.c | 24 +++++++++++++++++++
lib/util/util_crypt.h | 2 ++
.../dsdb/samdb/ldb_modules/password_hash.c | 16 +------------
3 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/lib/util/util_crypt.c b/lib/util/util_crypt.c
index 0f7b2d0fd31..09cd47597d1 100644
--- a/lib/util/util_crypt.c
+++ b/lib/util/util_crypt.c
@@ -88,3 +88,27 @@ int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
}
return 0;
}
+
+
+char *talloc_crypt_errstring(TALLOC_CTX *mem_ctx, int error)
+{
+ char buf[1024];
+ int err;
+ if (error == ERANGE) {
+ return talloc_strdup(
+ mem_ctx,
+ "Password exceeds maximum length allowed for crypt() hashing");
+ }
+ if (error == ENOTRECOVERABLE) {
+ /* probably weird RHEL7 crypt, see crypt_as_best_we_can() */
+ goto unknown;
+ }
+
+ err = strerror_r(error, buf, sizeof(buf));
+ if (err != 0) {
+ goto unknown;
+ }
+ return talloc_strndup(mem_ctx, buf, sizeof(buf));
+unknown:
+ return talloc_strdup(mem_ctx, "Unknown error");
+}
diff --git a/lib/util/util_crypt.h b/lib/util/util_crypt.h
index 8c289e489e8..ca1a58e922c 100644
--- a/lib/util/util_crypt.h
+++ b/lib/util/util_crypt.h
@@ -3,3 +3,5 @@ int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
const char *phrase,
const char *cmd,
DATA_BLOB *blob);
+
+char *talloc_crypt_errstring(TALLOC_CTX *mem_ctx, int error);
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 7a7114c1caa..6949a92fc3e 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1661,21 +1661,7 @@ static int setup_primary_userPassword_hash(
cmd,
hash_blob);
if (ret != 0) {
- char buf[1024];
- const char *reason = NULL;
- if (ret == ERANGE) {
- reason = "Password exceeds maximum length allowed for crypt() hashing";
- } else if (ret == ENOTRECOVERABLE) {
- /* probably weird RHEL7 crypt, see talloc_crypt_blob() */
- reason = "Unknown error";
- } else {
- int err = strerror_r(ret, buf, sizeof(buf));
- if (err == 0) {
- reason = buf;
- } else {
- reason = "Unknown error";
- }
- }
+ const char *reason = talloc_crypt_errstring(frame, ret);
ldb_asprintf_errstring(
ldb,
"setup_primary_userPassword: generation of a %s "
--
2.48.1
From ce70e852783ec69104d274def931e7d39f17576a Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 11 Dec 2024 14:30:15 +1300
Subject: [PATCH 05/11] pyglue: add crypt() function
This wraps talloc_crypt_blob() from lib/util/util_crypt.c which in
turn wraps the system crypt[_r[n]].
We want this because the Python standard library crypt module is going
away. That one also wrapped the system crypt or crypt_r, so there
should be no change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(backported from commit 88e3c82d88a68cf972f8189e1c3718698b49974a)
---
python/pyglue.c | 41 +++++++++++++++++++++++++++++++++++++++++
python/wscript | 1 +
2 files changed, 42 insertions(+)
diff --git a/python/pyglue.c b/python/pyglue.c
index 042bf9e14f3..fcccb849f5e 100644
--- a/python/pyglue.c
+++ b/python/pyglue.c
@@ -18,6 +18,7 @@
*/
#include "lib/replace/system/python.h"
+#include "pyerrors.h"
#include "python/py3compat.h"
#include "includes.h"
#include "python/modules.h"
@@ -25,6 +26,7 @@
#include "param/pyparam.h"
#include "lib/socket/netif.h"
#include "lib/util/debug.h"
+#include "lib/util/util_crypt.h"
#include "librpc/ndr/ndr_private.h"
#include "lib/cmdline/cmdline.h"
#include "lib/crypto/gkdi.h"
@@ -519,6 +521,42 @@ static PyObject *py_get_burnt_commandline(PyObject *self, PyObject *args)
return ret;
}
+static PyObject *py_crypt(PyObject *self, PyObject *args)
+{
+ PyObject *py_hash = NULL;
+ char *phrase = NULL;
+ char *setting = NULL;
+ TALLOC_CTX *frame = NULL;
+ int ret;
+ DATA_BLOB hash = {};
+
+ if (!PyArg_ParseTuple(args, "ss", &phrase, &setting)) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ frame = talloc_stackframe();
+ ret = talloc_crypt_blob(frame, phrase, setting, &hash);
+ if (ret != 0) {
+ const char *errstr = talloc_crypt_errstring(frame, ret);
+ if (ret == EINVAL || ret == ERANGE || ret == ENOTRECOVERABLE) {
+ PyErr_Format(PyExc_ValueError,
+ "could not crypt(): %s",
+ errstr);
+ } else {
+ PyErr_Format(PyExc_OSError,
+ "could not crypt(): %s",
+ errstr);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ py_hash = PyUnicode_FromStringAndSize((char *)hash.data, hash.length);
+ TALLOC_FREE(frame);
+ return py_hash;
+}
+
+
static PyMethodDef py_misc_methods[] = {
{ "generate_random_str", (PyCFunction)py_generate_random_str, METH_VARARGS,
"generate_random_str(len) -> string\n"
@@ -580,6 +618,9 @@ static PyMethodDef py_misc_methods[] = {
METH_NOARGS, "How many NDR internal tokens is too many for this build?" },
{ "get_burnt_commandline", (PyCFunction)py_get_burnt_commandline,
METH_VARARGS, "Return a redacted commandline to feed to setproctitle (None if no redaction required)" },
+ { "crypt", (PyCFunction)py_crypt,
+ METH_VARARGS,
+ "encrypt as phrase, per crypt(3), as determined by setting." },
{0}
};
diff --git a/python/wscript b/python/wscript
index 3e6439930e9..7c17e390dc7 100644
--- a/python/wscript
+++ b/python/wscript
@@ -119,6 +119,7 @@ def build(bld):
ndr
cmdline
gkdi
+ util_crypt
%s
''' % (pyparam_util, pytalloc_util),
realname='samba/_glue.so')
--
2.48.1
From 9a0dc2db7cde22f36583159c0d697a3de6640990 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 12 Dec 2024 10:44:07 +1300
Subject: [PATCH 06/11] pytest: test that _glue.crypt works
The test vectors were generated via Python 3.10 crypt module, which
directly wraps crypt(3), which in this case is from glibc 2.39-0ubuntu8.3.
We mainly test the sha256 and sha512 vectors, which seems to be all we
use, and which are said to be widely supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5636d30c0959fd4a211ee7b8d1b267dcdbf0b963)
---
python/samba/tests/glue.py | 65 ++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/python/samba/tests/glue.py b/python/samba/tests/glue.py
index ac504b3f366..824f5ca0c81 100644
--- a/python/samba/tests/glue.py
+++ b/python/samba/tests/glue.py
@@ -88,3 +88,68 @@ class GlueTests(samba.tests.TestCase):
self.assertEqual(_glue.strstr_m(string, '_'), '_string_num__one')
self.assertEqual(_glue.strstr_m(string, '__'), '__one')
self.assertEqual(_glue.strstr_m(string, 'ring'), 'ring_num__one')
+
+ def test_crypt(self):
+ # We hopefully only use schemes 5 and 6 (sha256 and sha512),
+ # which are OK and also quite widely supported according to
+ # https://en.wikipedia.org/wiki/Crypt_(C)
+ for phrase, setting, expected in [
+ ("a", "$5$aaaaaa",
+ "$5$aaaaaa$F4lxguL7mZR7TGlvukPTJIxoRhVmHMZs8ZdH8oDP0.6"),
+ # with scheme 5, 5000 rounds is default, so hash is the same as above
+ ('a', '$5$rounds=5000$aaaaaa',
+ '$5$rounds=5000$aaaaaa$F4lxguL7mZR7TGlvukPTJIxoRhVmHMZs8ZdH8oDP0.6'),
+ ('a',
+ '$5$rounds=4999$aaaaaa',
+ '$5$rounds=4999$aaaaaa$FiP70gtxOJUFLokUJvET06E7jbL6aNmF6Wtv2ddzjY8'),
+ ('a', '$5$aaaaab',
+ '$5$aaaaab$e9qR2F833/JyuMu.nkQc9kn184vBWLo0ODqnCe./mj0'),
+
+ ('', '$5$aaaaaa', '$5$aaaaaa$5B4WTdWp5n/v/aNUw2N8RsEitqvlZJEaAKhH/pOkGg4'),
+
+ ("a", "$6$aaaaaa",
+ "$6$aaaaaa$KHs/Ez7X/I5/K.V8FR7kEsx9rOvjXnEDUmGC.dLBWP87XWy.oUEAM7QYcZQRVhiDwGepOF2pKrCVETYLyASh60"),
+
+ ('', '$5$', '$5$$3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.'),
+
+ # scheme 1 (md5) should be supported if not used
+ ('a', '$1$aaaaaa',
+ '$1$aaaaaa$MUMWPbGfzrHFCNm7ZHg31.'),
+
+ ('', '$6$',
+ '$6$$/chiBau24cE26QQVW3IfIe68Xu5.JQ4E8Ie7lcRLwqxO5cxGuBhqF2HmTL.zWJ9zjChg3yJYFXeGBQ2y3Ba1d1'),
+ (' ',
+ '$6$6',
+ '$6$6$asLnbxf0obyuv3ybNvDE9ZcdwGFkDhLe7uW.wzdOdKCm4/M3vGFKq4Ttk1tBQrOn4wALZ3tj1L8IarIu5i8hR/'),
+
+ # original DES scheme, 12 bits of salt
+ ("a", "lalala", "laKGbFzgh./R2"),
+ ("a", "lalalaLALALAla", "laKGbFzgh./R2"),
+ ("a", "arrgh", "ar7VUiUvDhX2c"),
+ ("a", "arrggghhh", "ar7VUiUvDhX2c"),
+ ]:
+ hash = _glue.crypt(phrase, setting)
+ self.assertEqual(hash, expected)
+
+ def test_crypt_bad(self):
+ # We can't be too strident in our assertions, because every
+ # system allows a different set of algorithms, and some have
+ # different ideas of how to parse.
+ for phrase, setting, exception in [
+ ("a", "$5", ValueError),
+ ("a", "$0$", ValueError),
+ ("a", None, TypeError),
+ (None, "", TypeError),
+ ('a', '$66$', ValueError),
+ ('a', '$$', ValueError),
+ ('a', '*0', ValueError),
+ ('a', '*', ValueError),
+ ('a', '++', ValueError),
+ # this next one is too long, except on Rocky Linux 8.
+ #('a' * 10000, '$5$5', ValueError),
+ # this is invalid, except on Debian 11.
+ # (' ', '$6$ ', ValueError),
+ ]:
+ with self.assertRaises(exception,
+ msg=f"crypt({phrase!r}, {setting!r}) didn't fail"):
+ _glue.crypt(phrase, setting)
--
2.48.1
From 6425e2514052027ee2269e15e0e0dff1686fa34e Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 11 Dec 2024 15:54:48 +1300
Subject: [PATCH 07/11] samba-tool user: use _glue.crypt, not crypt.crypt
Because we know we have _glue.crypt, and we know it raises exceptions
rather than returning None, we can simplify the checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 405187d2ef4920a9a284649c9c3287f5844d5180)
---
.../samba/netcmd/user/readpasswords/common.py | 21 ++++++-------------
1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/python/samba/netcmd/user/readpasswords/common.py b/python/samba/netcmd/user/readpasswords/common.py
index 7944d4e1682..68befb3f356 100644
--- a/python/samba/netcmd/user/readpasswords/common.py
+++ b/python/samba/netcmd/user/readpasswords/common.py
@@ -37,6 +37,7 @@ from samba.netcmd import Command, CommandError
from samba.samdb import SamDB
from samba.nt_time import timedelta_from_nt_time_delta, nt_time_from_datetime
from samba.gkdi import MAX_CLOCK_SKEW
+from samba._glue import crypt
# python[3]-gpgme is abandoned since ubuntu 1804 and debian 9
# have to use python[3]-gpg instead
@@ -132,9 +133,7 @@ def get_crypt_value(alg, utf8pw, rounds=0):
else:
crypt_salt = "$%s$%s$" % (alg, b64salt)
- crypt_value = crypt.crypt(utf8pw, crypt_salt)
- if crypt_value is None:
- raise NotImplementedError("crypt.crypt(%s) returned None" % (crypt_salt))
+ crypt_value = crypt(utf8pw, crypt_salt)
expected_len = len(crypt_salt) + algs[alg]["length"]
if len(crypt_value) != expected_len:
raise NotImplementedError("crypt.crypt(%s) returned a value with length %d, expected length is %d" % (
@@ -156,21 +155,13 @@ except ImportError as e:
for (alg, attr) in [("5", "virtualCryptSHA256"), ("6", "virtualCryptSHA512")]:
try:
- import crypt
get_crypt_value(alg, "")
- virtual_attributes[attr] = {
- }
- except ImportError as e:
- reason = "crypt"
- reason += " required"
- disabled_virtual_attributes[attr] = {
- "reason": reason,
- }
- except NotImplementedError as e:
- reason = "modern '$%s$' salt in crypt(3) required" % (alg)
+ except (ValueError, OSError):
disabled_virtual_attributes[attr] = {
- "reason": reason,
+ "reason": f"modern '${alg}$' salt in crypt(3) required"
}
+ continue
+ virtual_attributes[attr] = {}
# Add the wDigest virtual attributes, virtualWDigest01 to virtualWDigest29
for x in range(1, 30):
--
2.48.1
From a2a04286e13676177c952e67363fc7502f544861 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 11 Dec 2024 15:56:20 +1300
Subject: [PATCH 08/11] samba-tool user: hashlib.sha1 is always present
We maybe thought we were checking that sha1 was in hashlib, but we were
only checking that hashlib is in the Python library (`hashlib.sha1()`
would not raise ImportError).
The documentation says hashlib always contains sha1 -- if that
changes, it is better we know by failing noisily with the import error
at the top of the file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4af4dd8135e8edbe2a16cfdfc7ded8c145c82e98)
---
python/samba/netcmd/user/readpasswords/common.py | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/python/samba/netcmd/user/readpasswords/common.py b/python/samba/netcmd/user/readpasswords/common.py
index 68befb3f356..3043525874e 100644
--- a/python/samba/netcmd/user/readpasswords/common.py
+++ b/python/samba/netcmd/user/readpasswords/common.py
@@ -26,6 +26,7 @@ import datetime
import errno
import io
import os
+from hashlib import sha1
import ldb
from samba import credentials, nttime2float
@@ -141,17 +142,8 @@ def get_crypt_value(alg, utf8pw, rounds=0):
return crypt_value
-try:
- import hashlib
- hashlib.sha1()
- virtual_attributes["virtualSSHA"] = {
- }
-except ImportError as e:
- reason = "hashlib.sha1()"
- reason += " required"
- disabled_virtual_attributes["virtualSSHA"] = {
- "reason": reason,
- }
+
+virtual_attributes["virtualSSHA"] = {}
for (alg, attr) in [("5", "virtualCryptSHA256"), ("6", "virtualCryptSHA512")]:
try:
@@ -736,7 +728,7 @@ class GetPasswordCommand(Command):
if u8 is None:
continue
salt = os.urandom(4)
- h = hashlib.sha1()
+ h = sha1()
h.update(u8)
h.update(salt)
bv = h.digest() + salt
--
2.48.1
From e9a8748f3cc4ba74f8b0d75e7a01866e7c12a0a4 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 12 Dec 2024 10:46:16 +1300
Subject: [PATCH 09/11] pytest: password_hash uses internal _glue.crypt
This will remove an external dependency.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 552053b6445611ecef6ac4c11c55ebf92f03571d)
---
python/samba/tests/password_hash.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/python/samba/tests/password_hash.py b/python/samba/tests/password_hash.py
index 1b7af7de7b8..39ef13fd7b2 100644
--- a/python/samba/tests/password_hash.py
+++ b/python/samba/tests/password_hash.py
@@ -30,11 +30,11 @@ from samba.dcerpc.samr import DOMAIN_PASSWORD_STORE_CLEARTEXT
from samba.dsdb import UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
from samba.tests import delete_force
from samba.tests.password_test import PasswordCommon
+from samba._glue import crypt
import ldb
import samba
import binascii
from hashlib import md5
-import crypt
USER_NAME = "PasswordHashTestUser"
@@ -321,7 +321,7 @@ class PassWordHashTests(TestCase):
cmd = "$%s$rounds=%d$%s" % (alg, rounds, data[3])
# Calculate the expected hash value
- expected = crypt.crypt(USER_PASS, cmd)
+ expected = crypt(USER_PASS, cmd)
self.assertEqual(expected, up.hashes[i].value.decode('utf8'))
i += 1
--
2.48.1
From 0e01dc4f1fabfd2c3f21f724c05d94227a278b20 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 11 Dec 2024 14:31:18 +1300
Subject: [PATCH 10/11] util:datablob: data_blob_pad checks its alignment
assumption
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 20 07:59:51 UTC 2024 on atb-devel-224
(cherry picked from commit 8b84282008dc372d67ba01c8fe256ef756c3dcfb)
---
lib/util/data_blob.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/util/data_blob.c b/lib/util/data_blob.c
index b5b78bc7a8a..0522e7755af 100644
--- a/lib/util/data_blob.c
+++ b/lib/util/data_blob.c
@@ -286,7 +286,7 @@ _PUBLIC_ bool data_blob_pad(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
size_t old_len = blob->length;
size_t new_len = (old_len + pad - 1) & ~(pad - 1);
- if (new_len < old_len) {
+ if (new_len < old_len || (pad & (pad - 1)) != 0) {
return false;
}
--
2.48.1
From 8cfae9f33fb1c170c3fe937be200490597e9e4c2 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 17 Jan 2025 13:28:30 +0100
Subject: [PATCH 11/11] lib:util: Fix stack-use-after-return in
crypt_as_best_we_can()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15784
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jan 17 23:21:13 UTC 2025 on atb-devel-224
(cherry picked from commit 6cd9849b58ec653cbffc602e3c96996a082faf53)
---
lib/util/util_crypt.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/util/util_crypt.c b/lib/util/util_crypt.c
index 09cd47597d1..9ac6e1cfd0e 100644
--- a/lib/util/util_crypt.c
+++ b/lib/util/util_crypt.c
@@ -1,11 +1,13 @@
#include <replace.h>
#include "data_blob.h"
+#include "discard.h"
#include <talloc.h>
#include <crypt.h>
#include "util_crypt.h"
-static int crypt_as_best_we_can(const char *phrase,
+static int crypt_as_best_we_can(TALLOC_CTX *mem_ctx,
+ const char *phrase,
const char *setting,
const char **hashp)
{
@@ -63,8 +65,14 @@ static int crypt_as_best_we_can(const char *phrase,
ret = ENOTRECOVERABLE;
}
}
+ if (ret != 0) {
+ return ret;
+ }
- *hashp = hash;
+ *hashp = talloc_strdup(mem_ctx, hash);
+ if (*hashp == NULL) {
+ ret = -1;
+ }
return ret;
}
@@ -75,14 +83,14 @@ int talloc_crypt_blob(TALLOC_CTX *mem_ctx,
DATA_BLOB *blob)
{
const char *hash = NULL;
- int ret = crypt_as_best_we_can(phrase, setting, &hash);
+ int ret = crypt_as_best_we_can(mem_ctx, phrase, setting, &hash);
if (ret != 0) {
blob->data = NULL;
blob->length = 0;
return ret;
}
blob->length = strlen(hash);
- blob->data = talloc_memdup(mem_ctx, hash, blob->length);
+ blob->data = discard_const_p(uint8_t, hash);
if (blob->data == NULL) {
return ENOMEM;
}
--
2.48.1

513
main/samba/s3-notifyd.patch Normal file
View file

@ -0,0 +1,513 @@
From c9a7bc3e8f36cb9d6746e23ea56f9c27b82dcf49 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 22 Jul 2024 12:26:55 +0200
Subject: [PATCH] s3:notifyd: Use a watcher per db record
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This fixes a O(n²) performance regression in notifyd. The problem was
that we had a watcher per notify instance. This changes the code to have
a watcher per notify db entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14430
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit af011b987a4ad0d3753d83cc0b8d97ad64ba874a)
---
source3/smbd/notifyd/notifyd.c | 214 ++++++++++++++++++-------
source3/smbd/notifyd/notifyd_db.c | 5 +-
source3/smbd/notifyd/notifyd_entry.c | 51 ++++--
source3/smbd/notifyd/notifyd_private.h | 46 ++++--
4 files changed, 228 insertions(+), 88 deletions(-)
diff --git a/source3/smbd/notifyd/notifyd.c b/source3/smbd/notifyd/notifyd.c
index 64dd26a7e11..0b07ab3e435 100644
--- a/source3/smbd/notifyd/notifyd.c
+++ b/source3/smbd/notifyd/notifyd.c
@@ -337,6 +337,7 @@ static bool notifyd_apply_rec_change(
struct messaging_context *msg_ctx)
{
struct db_record *rec = NULL;
+ struct notifyd_watcher watcher = {};
struct notifyd_instance *instances = NULL;
size_t num_instances;
size_t i;
@@ -344,6 +345,7 @@ static bool notifyd_apply_rec_change(
TDB_DATA value;
NTSTATUS status;
bool ok = false;
+ bool new_watcher = false;
if (pathlen == 0) {
DBG_WARNING("pathlen==0\n");
@@ -374,8 +376,12 @@ static bool notifyd_apply_rec_change(
value = dbwrap_record_get_value(rec);
if (value.dsize != 0) {
- if (!notifyd_parse_entry(value.dptr, value.dsize, NULL,
- &num_instances)) {
+ ok = notifyd_parse_entry(value.dptr,
+ value.dsize,
+ &watcher,
+ NULL,
+ &num_instances);
+ if (!ok) {
goto fail;
}
}
@@ -390,8 +396,22 @@ static bool notifyd_apply_rec_change(
goto fail;
}
- if (value.dsize != 0) {
- memcpy(instances, value.dptr, value.dsize);
+ if (num_instances > 0) {
+ struct notifyd_instance *tmp = NULL;
+ size_t num_tmp = 0;
+
+ ok = notifyd_parse_entry(value.dptr,
+ value.dsize,
+ NULL,
+ &tmp,
+ &num_tmp);
+ if (!ok) {
+ goto fail;
+ }
+
+ memcpy(instances,
+ tmp,
+ sizeof(struct notifyd_instance) * num_tmp);
}
for (i=0; i<num_instances; i++) {
@@ -414,41 +434,106 @@ static bool notifyd_apply_rec_change(
*instance = (struct notifyd_instance) {
.client = *client,
.instance = *chg,
- .internal_filter = chg->filter,
- .internal_subdir_filter = chg->subdir_filter
};
num_instances += 1;
}
- if ((instance->instance.filter != 0) ||
- (instance->instance.subdir_filter != 0)) {
- int ret;
+ /*
+ * Calculate an intersection of the instances filters for the watcher.
+ */
+ if (instance->instance.filter > 0) {
+ uint32_t filter = instance->instance.filter;
+
+ if ((watcher.filter & filter) != filter) {
+ watcher.filter |= filter;
+
+ new_watcher = true;
+ }
+ }
+
+ /*
+ * Calculate an intersection of the instances subdir_filters for the
+ * watcher.
+ */
+ if (instance->instance.subdir_filter > 0) {
+ uint32_t subdir_filter = instance->instance.subdir_filter;
- TALLOC_FREE(instance->sys_watch);
+ if ((watcher.subdir_filter & subdir_filter) != subdir_filter) {
+ watcher.subdir_filter |= subdir_filter;
- ret = sys_notify_watch(entries, sys_notify_ctx, path,
- &instance->internal_filter,
- &instance->internal_subdir_filter,
- notifyd_sys_callback, msg_ctx,
- &instance->sys_watch);
- if (ret != 0) {
- DBG_WARNING("sys_notify_watch for [%s] returned %s\n",
- path, strerror(errno));
+ new_watcher = true;
}
}
if ((instance->instance.filter == 0) &&
(instance->instance.subdir_filter == 0)) {
+ uint32_t tmp_filter = 0;
+ uint32_t tmp_subdir_filter = 0;
+
/* This is a delete request */
- TALLOC_FREE(instance->sys_watch);
*instance = instances[num_instances-1];
num_instances -= 1;
+
+ for (i = 0; i < num_instances; i++) {
+ struct notifyd_instance *tmp = &instances[i];
+
+ tmp_filter |= tmp->instance.filter;
+ tmp_subdir_filter |= tmp->instance.subdir_filter;
+ }
+
+ /*
+ * If the filter has changed, register a new watcher with the
+ * changed filter.
+ */
+ if (watcher.filter != tmp_filter ||
+ watcher.subdir_filter != tmp_subdir_filter)
+ {
+ watcher.filter = tmp_filter;
+ watcher.subdir_filter = tmp_subdir_filter;
+
+ new_watcher = true;
+ }
+ }
+
+ if (new_watcher) {
+ /*
+ * In case we removed all notify instances, we want to remove
+ * the watcher. We won't register a new one, if no filters are
+ * set anymore.
+ */
+
+ TALLOC_FREE(watcher.sys_watch);
+
+ watcher.sys_filter = watcher.filter;
+ watcher.sys_subdir_filter = watcher.subdir_filter;
+
+ /*
+ * Only register a watcher if we have filter.
+ */
+ if (watcher.filter != 0 || watcher.subdir_filter != 0) {
+ int ret = sys_notify_watch(entries,
+ sys_notify_ctx,
+ path,
+ &watcher.sys_filter,
+ &watcher.sys_subdir_filter,
+ notifyd_sys_callback,
+ msg_ctx,
+ &watcher.sys_watch);
+ if (ret != 0) {
+ DBG_WARNING("sys_notify_watch for [%s] "
+ "returned %s\n",
+ path,
+ strerror(errno));
+ }
+ }
}
DBG_DEBUG("%s has %zu instances\n", path, num_instances);
if (num_instances == 0) {
+ TALLOC_FREE(watcher.sys_watch);
+
status = dbwrap_record_delete(rec);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("dbwrap_record_delete returned %s\n",
@@ -456,13 +541,21 @@ static bool notifyd_apply_rec_change(
goto fail;
}
} else {
- value = make_tdb_data(
- (uint8_t *)instances,
- sizeof(struct notifyd_instance) * num_instances);
+ struct TDB_DATA iov[2] = {
+ {
+ .dptr = (uint8_t *)&watcher,
+ .dsize = sizeof(struct notifyd_watcher),
+ },
+ {
+ .dptr = (uint8_t *)instances,
+ .dsize = sizeof(struct notifyd_instance) *
+ num_instances,
+ },
+ };
- status = dbwrap_record_store(rec, value, 0);
+ status = dbwrap_record_storev(rec, iov, ARRAY_SIZE(iov), 0);
if (!NT_STATUS_IS_OK(status)) {
- DBG_WARNING("dbwrap_record_store returned %s\n",
+ DBG_WARNING("dbwrap_record_storev returned %s\n",
nt_errstr(status));
goto fail;
}
@@ -706,12 +799,18 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data,
.when = tstate->msg->when };
struct iovec iov[2];
size_t path_len = key.dsize;
+ struct notifyd_watcher watcher = {};
struct notifyd_instance *instances = NULL;
size_t num_instances = 0;
size_t i;
+ bool ok;
- if (!notifyd_parse_entry(data.dptr, data.dsize, &instances,
- &num_instances)) {
+ ok = notifyd_parse_entry(data.dptr,
+ data.dsize,
+ &watcher,
+ &instances,
+ &num_instances);
+ if (!ok) {
DBG_DEBUG("Could not parse notifyd_entry\n");
return;
}
@@ -734,9 +833,11 @@ static void notifyd_trigger_parser(TDB_DATA key, TDB_DATA data,
if (tstate->covered_by_sys_notify) {
if (tstate->recursive) {
- i_filter = instance->internal_subdir_filter;
+ i_filter = watcher.sys_subdir_filter &
+ instance->instance.subdir_filter;
} else {
- i_filter = instance->internal_filter;
+ i_filter = watcher.sys_filter &
+ instance->instance.filter;
}
} else {
if (tstate->recursive) {
@@ -1146,46 +1247,39 @@ static int notifyd_add_proxy_syswatches(struct db_record *rec,
struct db_context *db = dbwrap_record_get_db(rec);
TDB_DATA key = dbwrap_record_get_key(rec);
TDB_DATA value = dbwrap_record_get_value(rec);
- struct notifyd_instance *instances = NULL;
- size_t num_instances = 0;
- size_t i;
+ struct notifyd_watcher watcher = {};
char path[key.dsize+1];
bool ok;
+ int ret;
memcpy(path, key.dptr, key.dsize);
path[key.dsize] = '\0';
- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances,
- &num_instances);
+ /* This is a remote database, we just need the watcher. */
+ ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL);
if (!ok) {
DBG_WARNING("Could not parse notifyd entry for %s\n", path);
return 0;
}
- for (i=0; i<num_instances; i++) {
- struct notifyd_instance *instance = &instances[i];
- uint32_t filter = instance->instance.filter;
- uint32_t subdir_filter = instance->instance.subdir_filter;
- int ret;
+ watcher.sys_watch = NULL;
+ watcher.sys_filter = watcher.filter;
+ watcher.sys_subdir_filter = watcher.subdir_filter;
- /*
- * This is a remote database. Pointers that we were
- * given don't make sense locally. Initialize to NULL
- * in case sys_notify_watch fails.
- */
- instances[i].sys_watch = NULL;
-
- ret = state->sys_notify_watch(
- db, state->sys_notify_ctx, path,
- &filter, &subdir_filter,
- notifyd_sys_callback, state->msg_ctx,
- &instance->sys_watch);
- if (ret != 0) {
- DBG_WARNING("inotify_watch returned %s\n",
- strerror(errno));
- }
+ ret = state->sys_notify_watch(db,
+ state->sys_notify_ctx,
+ path,
+ &watcher.filter,
+ &watcher.subdir_filter,
+ notifyd_sys_callback,
+ state->msg_ctx,
+ &watcher.sys_watch);
+ if (ret != 0) {
+ DBG_WARNING("inotify_watch returned %s\n", strerror(errno));
}
+ memcpy(value.dptr, &watcher, sizeof(struct notifyd_watcher));
+
return 0;
}
@@ -1193,21 +1287,17 @@ static int notifyd_db_del_syswatches(struct db_record *rec, void *private_data)
{
TDB_DATA key = dbwrap_record_get_key(rec);
TDB_DATA value = dbwrap_record_get_value(rec);
- struct notifyd_instance *instances = NULL;
- size_t num_instances = 0;
- size_t i;
+ struct notifyd_watcher watcher = {};
bool ok;
- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances,
- &num_instances);
+ ok = notifyd_parse_entry(value.dptr, value.dsize, &watcher, NULL, NULL);
if (!ok) {
DBG_WARNING("Could not parse notifyd entry for %.*s\n",
(int)key.dsize, (char *)key.dptr);
return 0;
}
- for (i=0; i<num_instances; i++) {
- TALLOC_FREE(instances[i].sys_watch);
- }
+ TALLOC_FREE(watcher.sys_watch);
+
return 0;
}
diff --git a/source3/smbd/notifyd/notifyd_db.c b/source3/smbd/notifyd/notifyd_db.c
index 18228619e9a..7dc3cd58081 100644
--- a/source3/smbd/notifyd/notifyd_db.c
+++ b/source3/smbd/notifyd/notifyd_db.c
@@ -40,7 +40,10 @@ static bool notifyd_parse_db_parser(TDB_DATA key, TDB_DATA value,
memcpy(path, key.dptr, key.dsize);
path[key.dsize] = 0;
- ok = notifyd_parse_entry(value.dptr, value.dsize, &instances,
+ ok = notifyd_parse_entry(value.dptr,
+ value.dsize,
+ NULL,
+ &instances,
&num_instances);
if (!ok) {
DBG_DEBUG("Could not parse entry for path %s\n", path);
diff --git a/source3/smbd/notifyd/notifyd_entry.c b/source3/smbd/notifyd/notifyd_entry.c
index 539010de03a..f3b0e908136 100644
--- a/source3/smbd/notifyd/notifyd_entry.c
+++ b/source3/smbd/notifyd/notifyd_entry.c
@@ -21,22 +21,51 @@
* Parse an entry in the notifyd_context->entries database
*/
-bool notifyd_parse_entry(
- uint8_t *buf,
- size_t buflen,
- struct notifyd_instance **instances,
- size_t *num_instances)
+/**
+ * @brief Parse a notifyd database entry.
+ *
+ * The memory we pass down needs to be aligned. If it isn't aligned we can run
+ * into obscure errors as we just point into the data buffer.
+ *
+ * @param data The data to parse
+ * @param data_len The length of the data to parse
+ * @param watcher A pointer to store the watcher data or NULL.
+ * @param instances A pointer to store the array of notify instances or NULL.
+ * @param pnum_instances The number of elements in the array. If you just want
+ * the number of elements pass NULL for the watcher and instances pointers.
+ *
+ * @return true on success, false if an error occurred.
+ */
+bool notifyd_parse_entry(uint8_t *data,
+ size_t data_len,
+ struct notifyd_watcher *watcher,
+ struct notifyd_instance **instances,
+ size_t *pnum_instances)
{
- if ((buflen % sizeof(struct notifyd_instance)) != 0) {
- DBG_WARNING("invalid buffer size: %zu\n", buflen);
+ size_t ilen;
+
+ if (data_len < sizeof(struct notifyd_watcher)) {
return false;
}
- if (instances != NULL) {
- *instances = (struct notifyd_instance *)buf;
+ if (watcher != NULL) {
+ *watcher = *((struct notifyd_watcher *)(uintptr_t)data);
}
- if (num_instances != NULL) {
- *num_instances = buflen / sizeof(struct notifyd_instance);
+
+ ilen = data_len - sizeof(struct notifyd_watcher);
+ if ((ilen % sizeof(struct notifyd_instance)) != 0) {
+ return false;
+ }
+
+ if (pnum_instances != NULL) {
+ *pnum_instances = ilen / sizeof(struct notifyd_instance);
}
+ if (instances != NULL) {
+ /* The (uintptr_t) cast removes a warning from -Wcast-align. */
+ *instances =
+ (struct notifyd_instance *)(uintptr_t)
+ (data + sizeof(struct notifyd_watcher));
+ }
+
return true;
}
diff --git a/source3/smbd/notifyd/notifyd_private.h b/source3/smbd/notifyd/notifyd_private.h
index 36c08f47c54..db8e6e1c005 100644
--- a/source3/smbd/notifyd/notifyd_private.h
+++ b/source3/smbd/notifyd/notifyd_private.h
@@ -20,30 +20,48 @@
#include "lib/util/server_id.h"
#include "notifyd.h"
+
/*
- * notifyd's representation of a notify instance
+ * Representation of a watcher for a path
+ *
+ * This will be stored in the db.
*/
-struct notifyd_instance {
- struct server_id client;
- struct notify_instance instance;
-
- void *sys_watch; /* inotify/fam/etc handle */
+struct notifyd_watcher {
+ /*
+ * This is an intersections of the filter the watcher is listening for.
+ */
+ uint32_t filter;
+ uint32_t subdir_filter;
/*
- * Filters after sys_watch took responsibility of some bits
+ * Those are inout variables passed to the sys_watcher. The sys_watcher
+ * will remove the bits it can't handle.
*/
- uint32_t internal_filter;
- uint32_t internal_subdir_filter;
+ uint32_t sys_filter;
+ uint32_t sys_subdir_filter;
+
+ /* The handle for inotify/fam etc. */
+ void *sys_watch;
+};
+
+/*
+ * Representation of a notifyd instance
+ *
+ * This will be stored in the db.
+ */
+struct notifyd_instance {
+ struct server_id client;
+ struct notify_instance instance;
};
/*
* Parse an entry in the notifyd_context->entries database
*/
-bool notifyd_parse_entry(
- uint8_t *buf,
- size_t buflen,
- struct notifyd_instance **instances,
- size_t *num_instances);
+bool notifyd_parse_entry(uint8_t *data,
+ size_t data_len,
+ struct notifyd_watcher *watcher,
+ struct notifyd_instance **instances,
+ size_t *num_instances);
#endif
--
2.46.1

112
main/samba/smbreadline.patch Normal file
View file

@ -0,0 +1,112 @@
From 645dd19208e9374ea8c950cc51f894ab6efabfee Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 21 Jan 2025 17:59:12 +0100
Subject: [PATCH 1/2] lib:replace: Remove trailing spaces from readline.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15788
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit dbff53f77680f0ccd022f2d864ba6ae7585a34b7)
---
lib/replace/system/readline.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/replace/system/readline.h b/lib/replace/system/readline.h
index 29379626e0d..9a9af266ca6 100644
--- a/lib/replace/system/readline.h
+++ b/lib/replace/system/readline.h
@@ -1,14 +1,14 @@
#ifndef _system_readline_h
#define _system_readline_h
-/*
+/*
Unix SMB/CIFS implementation.
Readline wrappers
-
+
** NOTE! The following LGPL license applies to the replace
** library. This does NOT imply that all of Samba is released
** under the LGPL
-
+
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
--
2.48.1
From 54821d943892c028116104fe113bf18c2e9db55f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 21 Jan 2025 17:59:27 +0100
Subject: [PATCH 2/2] lib:replace: Don't use deprecated readline CPPFunction
cast
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
HAVE_RL_COMPLETION_FUNC_T was unused and not checking for the right
function.
libcli/smbreadline/smbreadline.c: In function smb_readline:
libcli/smbreadline/smbreadline.c:139:17: warning: CPPFunction is deprecated [-Wdeprecated-declarations]
139 | rl_attempted_completion_function = RL_COMPLETION_CAST completion_fn;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libcli/smbreadline/smbreadline.c:139:50: error: assignment to char ** (*)(const char *, int, int) from incompatible pointer type char ** (*)(void) [-Wincompatible-pointer-types]
139 | rl_attempted_completion_function = RL_COMPLETION_CAST completion_fn;
| ^
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15788
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 21 19:38:37 UTC 2025 on atb-devel-224
(cherry picked from commit 9aa5c43315d83c19514251a11c4fba5a137f2821)
---
lib/replace/system/readline.h | 4 +++-
libcli/smbreadline/wscript_configure | 8 +++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/replace/system/readline.h b/lib/replace/system/readline.h
index 9a9af266ca6..ac3604fc12e 100644
--- a/lib/replace/system/readline.h
+++ b/lib/replace/system/readline.h
@@ -46,7 +46,9 @@
#endif
#ifdef HAVE_NEW_LIBREADLINE
-#ifdef HAVE_CPPFUNCTION
+#if defined(HAVE_RL_COMPLETION_FUNC_T)
+# define RL_COMPLETION_CAST (rl_completion_func_t *)
+#elif defined(HAVE_CPPFUNCTION)
# define RL_COMPLETION_CAST (CPPFunction *)
#elif defined(HAVE_RL_COMPLETION_T)
# define RL_COMPLETION_CAST (rl_completion_t *)
diff --git a/libcli/smbreadline/wscript_configure b/libcli/smbreadline/wscript_configure
index 912ff53a150..f5a401ebae0 100644
--- a/libcli/smbreadline/wscript_configure
+++ b/libcli/smbreadline/wscript_configure
@@ -51,10 +51,12 @@ conf.CHECK_CODE('''
# endif
# endif
#endif
-int main(void) {rl_completion_t f; return 0;}
+int main(void) {rl_completion_func_t f; return 0;}
''',
-'HAVE_RL_COMPLETION_FUNC_T', execute=False, addmain=False,
-msg='Checking for rl_completion_t')
+ 'HAVE_RL_COMPLETION_FUNC_T',
+ execute=False,
+ addmain=False,
+ msg='Checking for rl_completion_func_t')
conf.CHECK_CODE('''
#ifdef HAVE_READLINE_READLINE_H
--
2.48.1