Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4
authorJelmer Vernooij <jelmer@samba.org>
Wed, 24 Sep 2008 16:38:45 +0000 (18:38 +0200)
committerJelmer Vernooij <jelmer@samba.org>
Wed, 24 Sep 2008 16:38:45 +0000 (18:38 +0200)
Conflicts:
source3/include/includes.h

18 files changed:
lib/crypto/hmacmd5.h
lib/crypto/hmacmd5test.c
lib/crypto/hmacsha256.c
lib/crypto/md4test.c
lib/crypto/md5test.c
source3/Makefile.in
source3/include/includes.h
source3/include/proto.h
source3/lib/crc32.c [deleted file]
source3/libsmb/ntlmssp_sign.c
source3/libsmb/smbencrypt.c
source4/Makefile
source4/auth/gensec/gensec.h
source4/auth/gensec/socket.c
source4/ldap_server/ldap_bind.c
source4/lib/ldb/tests/python/ldap.py
source4/libcli/ldap/ldap_bind.c
source4/libcli/ldap/ldap_client.c

index d649906bb47da5ba026b76270c819b414ecdb62c..91b8ca586c840cd3a07dc8f311b0c1ef845de4eb 100644 (file)
@@ -21,6 +21,8 @@
 #ifndef _HMAC_MD5_H
 #define _HMAC_MD5_H
 
+#include "../lib/crypto/md5.h"
+
 typedef struct 
 {
         struct MD5Context ctx;
index 07ed54c98d2822dda3f63e9970e9b7a5a4381641..0a98404eda3a53b144e0d2ed12038717e787221b 100644 (file)
@@ -17,7 +17,7 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 struct torture_context;
 
index 6b0af9ee8350ee1306c2c442dfca877e45dded22..53d4fe388396417dddba4aa56085dc7afaab93da 100644 (file)
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 /***********************************************************************
  the rfc 2104/2202 version of hmac_sha256 initialisation.
index 5e0451973c8e07ca1f0eb44f10a0d77dbc88798f..dddf9e61a011707bbb3d9102fffffbcae8d429ed 100644 (file)
@@ -18,7 +18,7 @@
 */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 struct torture_context;
 
index 702e0fcf416c3ed36df36cc6e3e1d9179796398d..1244dca75377e3a79155d447cf67068227a80c48 100644 (file)
@@ -18,7 +18,7 @@
 */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 struct torture_context;
 
index d48e597ce362010494218670f5fd168affcbd07e..b8ce0523dd43422dc6759eb4425f050b6f96b365 100644 (file)
@@ -320,7 +320,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
          lib/signal.o lib/system.o lib/sendfile.o lib/recvfile.o lib/time.o \
          lib/ufc.o lib/genrand.o lib/username.o \
          lib/util_pw.o lib/access.o lib/smbrun.o \
-         lib/bitmap.o lib/crc32.o lib/dprintf.o \
+         lib/bitmap.o ../lib/crypto/crc32.o lib/dprintf.o \
          lib/xfile.o lib/wins_srv.o $(UTIL_REG_OBJ) \
          lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \
          lib/util_unistr.o lib/util_file.o lib/data_blob.o \
index 25135d75ed50b0c4623d4a0bc2a353af1dec53b0..0417a7e01c000366b5c613ff64ff776923efa5e7 100644 (file)
@@ -688,6 +688,7 @@ typedef char fstring[FSTRING_LEN];
 #include "rap.h"
 #include "../lib/crypto/md5.h"
 #include "../lib/crypto/arcfour.h"
+#include "../lib/crypto/crc32.h"
 #include "../lib/crypto/hmacmd5.h"
 #include "ntlmssp.h"
 #include "auth.h"
index ad7350c5d15a1a67895594a9aa4091e38fd9c7b4..198248c5172704e1be0aca673f03b1906c6134eb 100644 (file)
@@ -432,10 +432,6 @@ int connections_forall(int (*fn)(struct db_record *rec,
                       void *private_data);
 bool connections_init(bool rw);
 
-/* The following definitions come from lib/crc32.c  */
-
-uint32 crc32_calc_buffer(const char *buf, size_t size);
-
 /* The following definitions come from lib/data_blob.c  */
 
 DATA_BLOB data_blob(const void *p, size_t length);
diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c
deleted file mode 100644 (file)
index a4ae90c..0000000
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- *  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
- *  code or tables extracted from it, as desired without restriction.
- *
- *  First, the polynomial itself and its table of feedback terms.  The
- *  polynomial is
- *  X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
- *
- *  Note that we take it "backwards" and put the highest-order term in
- *  the lowest-order bit.  The X^32 term is "implied"; the LSB is the
- *  X^31 term, etc.  The X^0 term (usually shown as "+1") results in
- *  the MSB being 1
- *
- *  Note that the usual hardware shift register implementation, which
- *  is what we're using (we're merely optimizing it by doing eight-bit
- *  chunks at a time) shifts bits into the lowest-order term.  In our
- *  implementation, that means shifting towards the right.  Why do we
- *  do it this way?  Because the calculated CRC must be transmitted in
- *  order from highest-order term to lowest-order term.  UARTs transmit
- *  characters in order from LSB to MSB.  By storing the CRC this way
- *  we hand it to the UART in the order low-byte to high-byte; the UART
- *  sends each low-bit to hight-bit; and the result is transmission bit
- *  by bit from highest- to lowest-order term without requiring any bit
- *  shuffling on our part.  Reception works similarly
- *
- *  The feedback terms table consists of 256, 32-bit entries.  Notes
- *
- *      The table can be generated at runtime if desired; code to do so
- *      is shown later.  It might not be obvious, but the feedback
- *      terms simply represent the results of eight shift/xor opera
- *      tions for all combinations of data and CRC register values
- *
- *      The values must be right-shifted by eight bits by the "updcrc
- *      logic; the shift must be unsigned (bring in zeroes).  On some
- *      hardware you could probably optimize the shift in assembler by
- *      using byte-swap instructions
- *      polynomial $edb88320
- *
- *
- * CRC32 code derived from work by Gary S. Brown.
- */
-
-#include "includes.h"
-
-static const uint32 crc32_tab[] = {
-       0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
-       0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
-       0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
-       0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
-       0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
-       0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
-       0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
-       0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
-       0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
-       0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
-       0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
-       0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
-       0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
-       0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
-       0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
-       0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
-       0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
-       0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
-       0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
-       0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
-       0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
-       0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
-       0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
-       0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
-       0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
-       0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
-       0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
-       0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
-       0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
-       0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
-       0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
-       0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
-       0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
-       0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
-       0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
-       0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
-       0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
-       0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
-       0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
-       0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
-       0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
-       0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
-       0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
-};
-
-uint32 crc32_calc_buffer(const char *buf, size_t size)
-{
-       const unsigned char *p;
-       uint32 crc;
-
-       p = (const unsigned char *)buf;
-       crc = ~0U;
-
-       while (size--)
-               crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8);
-
-       return crc ^ ~0U;
-}
index 4db5141cce0bb26a374e54a4f6d8a982e750a485..5120544058397ef6bbdfaf056f55eee001cb6dc3 100644 (file)
@@ -117,7 +117,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 
        } else {
                uint32 crc;
-               crc = crc32_calc_buffer((const char *)data, length);
+               crc = crc32_calc_buffer(data, length);
                if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
                        return NT_STATUS_NO_MEMORY;
                }
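Review bot: The NTLMv1 branch here, and the identical one in the ntlmssp_seal_packet hunk that follows, builds the signature from a plain CRC32 of the data, and nothing at the call site says that this checksum is linear and unkeyed. A short comment above the call would keep a later reader from treating `crc` as an integrity guarantee on its own, for example `/* NTLMv1 signing: CRC32 is not a keyed MAC; protection depends on how sig is processed afterwards */`. The branch condition and the handling of `sig` after msrpc_gen() are outside the hunk, so the wording should be confirmed against the rest of the function.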
@@ -265,7 +265,7 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
                }
        } else {
                uint32 crc;
-               crc = crc32_calc_buffer((const char *)data, length);
+               crc = crc32_calc_buffer(data, length);
                if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
                        return NT_STATUS_NO_MEMORY;
                }
index 0742976635307b09df68238220c4557028fd1dc4..05fd808a329533d5b9c5893661e7b1e37cafd33a 100644 (file)
@@ -847,7 +847,7 @@ DATA_BLOB decrypt_drsuapi_blob(TALLOC_CTX *mem_ctx,
         * of the remaining bytes
         */
        crc32_given = IVAL(dec_buffer.data, 0);
-       crc32_calc = crc32_calc_buffer((const char *)dec_buffer.data + 4 , dec_buffer.length - 4);
+       crc32_calc = crc32_calc_buffer(dec_buffer.data + 4 , dec_buffer.length - 4);
        if (crc32_given != crc32_calc) {
                DEBUG(1,("CRC32: given[0x%08X] calc[0x%08X]\n",
                      crc32_given, crc32_calc));
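Review bot: `dec_buffer.length - 4` wraps to a very large size_t when the decrypted blob is shorter than four bytes, and the `IVAL(dec_buffer.data, 0)` read just above it needs those four bytes as well. No length check is visible in this hunk; decrypt_drsuapi_blob begins outside it, so an earlier guard may already exist. If it does not, add one before the CRC read, e.g. `if (dec_buffer.length < 4) { return data_blob(NULL, 0); }`, or whatever error return the function already uses.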
index 3630adce56f4b36d8c7019af516c6c891ef194c2..813f0cedd4ab85fee6c5c4e24bf7778a70db925e 100644 (file)
@@ -132,6 +132,9 @@ else
 include $(srcdir)/static_deps.mk
 endif
 
+clean::
+       @find ../lib ../libcli  -name '*.o' -o -name '*.hd' | xargs rm -f
+
 DEFAULT_HEADERS = $(srcdir)/lib/util/dlinklist.h \
                  $(srcdir)/version.h
 
index 2830297ffe4043fc31ae661aac1f5d90b27279c0..84fc26d1271fc778a62efb96b79cba91d55a3125 100644 (file)
@@ -174,6 +174,7 @@ struct gensec_security;
 struct socket_context;
 
 NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
+                           TALLOC_CTX *mem_ctx, 
                            struct socket_context *current_socket,
                            struct event_context *ev,
                            void (*recv_handler)(void *, uint16_t),
index 27449bf610294b334e03fbee393c911b225092d2..319730e2cabf0ee6228253b445514ef1a1355acc 100644 (file)
@@ -408,8 +408,10 @@ static NTSTATUS gensec_socket_send(struct socket_context *sock,
 }
 
 /* Turn a normal socket into a potentially GENSEC wrapped socket */
+/* CAREFUL: this function will steal 'current_socket' */
 
 NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
+                           TALLOC_CTX *mem_ctx,
                            struct socket_context *current_socket,
                            struct event_context *ev,
                            void (*recv_handler)(void *, uint16_t),
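Review bot: The added comment `CAREFUL: this function will steal 'current_socket'` states the ownership transfer unconditionally, but the later hunks of this file call `talloc_steal(gensec_socket, current_socket)` only on the two success returns. The failure paths free `new_sock` and leave `current_socket` with the caller. A caller reading only the comment could skip its own cleanup on error, so I would spell the contract out: `/* On success 'current_socket' is stolen onto *new_socket, which is allocated under 'mem_ctx'; on failure the caller still owns 'current_socket' and *new_socket is NULL. */`. The prototype in gensec.h carries no ownership comment at all and would benefit from the same text.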
@@ -420,7 +422,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
        struct socket_context *new_sock;
        NTSTATUS nt_status;
 
-       nt_status = socket_create_with_ops(current_socket, &gensec_socket_ops, &new_sock, 
+       nt_status = socket_create_with_ops(mem_ctx, &gensec_socket_ops, &new_sock, 
                                           SOCKET_TYPE_STREAM, current_socket->flags | SOCKET_FLAG_ENCRYPT);
        if (!NT_STATUS_IS_OK(nt_status)) {
                *new_socket = NULL;
@@ -432,22 +434,19 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
        gensec_socket = talloc(new_sock, struct gensec_socket);
        if (gensec_socket == NULL) {
                *new_socket = NULL;
+               talloc_free(new_sock);
                return NT_STATUS_NO_MEMORY;
        }
 
        new_sock->private_data       = gensec_socket;
        gensec_socket->socket        = current_socket;
 
-       if (talloc_reference(gensec_socket, current_socket) == NULL) {
-               *new_socket = NULL;
-               return NT_STATUS_NO_MEMORY;
-       }
-
        /* Nothing to do here, if we are not actually wrapping on this socket */
        if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) &&
            !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
                
                gensec_socket->wrap = false;
+               talloc_steal(gensec_socket, current_socket);
                *new_socket = new_sock;
                return NT_STATUS_OK;
        }
@@ -469,6 +468,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
        gensec_socket->packet = packet_init(gensec_socket);
        if (gensec_socket->packet == NULL) {
                *new_socket = NULL;
+               talloc_free(new_sock);
                return NT_STATUS_NO_MEMORY;
        }
 
@@ -481,6 +481,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
 
        /* TODO: full-request that knows about maximum packet size */
 
+       talloc_steal(gensec_socket, current_socket);
        *new_socket = new_sock;
        return NT_STATUS_OK;
 }
index 8357251a8f2f3b0a49e56d89d7e6efb752000d3d..20777e526195b353586308d58af78e1185e0a40d 100644 (file)
@@ -208,6 +208,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                } else {
                        ctx->conn = conn;
                        status = gensec_socket_init(conn->gensec, 
+                                                   conn->connection,
                                                    conn->connection->socket,
                                                    conn->connection->event.ctx, 
                                                    stream_io_handler_callback,
index bc6f80e856d2042e30cb5a750e2a44593bc78829..6c910b63f1b450e1de9c63ae7561d9120241ec55 100755 (executable)
@@ -781,7 +781,10 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
         self.assertTrue("objectGuid" not in res[0])
         self.assertTrue("whenCreated" in res[0])
         self.assertTrue("nTSecurityDescriptor" in res[0])
-        self.assertEquals(res[0]["member"][0].upper(), ("CN=ldaptestuser2,CN=Users," + self.base_dn).upper())
+        memberUP = []
+        for m in res[0]["member"]:
+            memberUP.append(m.upper())
+        self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
 
         ldb.modify_ldif("""
 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
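Review bot: The three-line loop that builds `memberUP` reads more directly as a comprehension, `memberUP = [m.upper() for m in res[0]["member"]]`. The assertion is also looser than the one it replaces, since it now accepts the DN at any position in `member`. If that is because the server does not guarantee member order, a one-line comment saying so (`# member order is not guaranteed`) would record why. The test method starts and ends outside the hunk.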
index 65673116be1232b6e8c99e6024a5dc29050cf66a..b66232c02e55356cdad32dcba285516e6e7ae5d4 100644 (file)
@@ -387,6 +387,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
        if (NT_STATUS_IS_OK(status)) {
                struct socket_context *sasl_socket;
                status = gensec_socket_init(conn->gensec, 
+                                           conn,
                                            conn->sock,
                                            conn->event.event_ctx, 
                                            ldap_read_io_handler,
index 844238afdb51d4bd24e825f03c06c3e5e918f0b6..d7960f901ab707eddfa550eadac7f6151a546938 100644 (file)
@@ -77,6 +77,12 @@ static void ldap_connection_dead(struct ldap_connection *conn)
 {
        struct ldap_request *req;
 
+       talloc_free(conn->sock);  /* this will also free event.fde */
+       talloc_free(conn->packet);
+       conn->sock = NULL;
+       conn->event.fde = NULL;
+       conn->packet = NULL;
+
        /* return an error for any pending request ... */
        while (conn->pending) {
                req = conn->pending;
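Review bot: With the teardown moved ahead of the loop, every `req->async.fn(req)` callback now runs while `conn->sock`, `conn->event.fde` and `conn->packet` are NULL, and the loop reads `conn->pending` again after each callback returns. Two things are worth confirming: that no completion callback dereferences those fields without a NULL check, and that no callback frees `conn` itself, because the next `while (conn->pending)` test would then read freed memory. A comment at the top of the function would make the contract checkable, for example `/* callbacks run after the socket is gone; they must not touch conn->sock and must not free conn */`. Part of the loop body lies between the two hunks and is not visible here.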
@@ -87,12 +93,6 @@ static void ldap_connection_dead(struct ldap_connection *conn)
                        req->async.fn(req);
                }
        }
-
-       talloc_free(conn->sock);  /* this will also free event.fde */
-       talloc_free(conn->packet);
-       conn->sock = NULL;
-       conn->event.fde = NULL;
-       conn->packet = NULL;
 }
 
 static void ldap_reconnect(struct ldap_connection *conn);
@@ -400,6 +400,7 @@ static void ldap_connect_got_sock(struct composite_context *ctx,
        talloc_steal(conn, conn->sock);
        if (conn->ldaps) {
                struct socket_context *tls_socket;
+               struct socket_context *tmp_socket;
                char *cafile = private_path(conn->sock, conn->lp_ctx, lp_tls_cafile(conn->lp_ctx));
 
                if (!cafile || !*cafile) {
@@ -414,9 +415,11 @@ static void ldap_connect_got_sock(struct composite_context *ctx,
                        talloc_free(conn->sock);
                        return;
                }
-               talloc_unlink(conn, conn->sock);
-               conn->sock = tls_socket;
-               talloc_steal(conn, conn->sock);
+
+               /* the original socket, must become a child of the tls socket */
+               tmp_socket = conn->sock;
+               conn->sock = talloc_steal(conn, tls_socket);
+               talloc_steal(conn->sock, tmp_socket);
        }
 
        conn->packet = packet_init(conn);
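Review bot: The failure path kept as context at the top of this hunk calls `talloc_free(conn->sock)` and returns without clearing the pointer, so `conn->sock` is left dangling. ldap_connection_dead(), changed earlier in this commit, frees `conn->sock` again, which would be a double free if it is reached after this return. Adding `conn->sock = NULL;` right after that talloc_free closes the gap. The condition guarding this path is above the hunk, so confirm that nothing else resets the pointer there.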