[cifs-utils PATCH 0/8] cifs-utils: fix problems with credcaches with overridden process creds

[cifs-utils PATCH 0/8] cifs-utils: fix problems with credcaches with overridden process creds

[Jeff Layton]

The main impetus for this set is patch #7, which is a one-liner. #8 may
be overkill, but I do think that it's the right approach, at least for
now.

In order to get all of this to build however, we need to eliminate the
unsetenv override in replace.h, or add a test for unsetenv. I chose the
former, so the real patches are preceded by a number of cleanup patches.

Jeff Layton (8):
  data_blob: remove need for replace.h
  spengo.c/asn1.c: remove need for replace.h
  cifs.upcall: remove need for replace.h
  replace.h: remove it
  treewide: Eliminate SAFE_FREE
  data_blob: Eliminate _PUBLIC_
  cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytab
  cifs.upcall: don't do env scraping when uid is 0

 asn1.c           |   2 +-
 cifs.upcall.8.in |   5 +-
 cifs.upcall.c    |  56 +++--
 configure.ac     |   2 +-
 data_blob.c      |  11 +-
 data_blob.h      |  10 +-
 mount.cifs.c     |  16 +-
 replace.h        | 674 -------------------------------------------------------
 spnego.c         |   2 +-
 9 files changed, 64 insertions(+), 714 deletions(-)
 delete mode 100644 replace.h

-- 
2.9.3

[cifs-utils PATCH 1/8] data_blob: remove need for replace.h

[Jeff Layton]

We only need ZERO_STRUCT there.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 data_blob.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data_blob.c b/data_blob.c
index 834d810c9d46..a884f132bcde 100644
--- a/data_blob.c
+++ b/data_blob.c
@@ -20,9 +20,12 @@
 
 #include <string.h>
 
-#include "replace.h"
 #include "data_blob.h"
 
+#ifndef ZERO_STRUCT
+#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
+#endif
+
 const DATA_BLOB data_blob_null = { NULL, 0 };
 
 /**
-- 
2.9.3

[cifs-utils PATCH 2/8] spengo.c/asn1.c: remove need for replace.h

[Jeff Layton]

Just need stdbool.h instead.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 asn1.c   | 2 +-
 spnego.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/asn1.c b/asn1.c
index 4c0e48037f14..dd96d2c0e595 100644
--- a/asn1.c
+++ b/asn1.c
@@ -20,8 +20,8 @@
 #include <string.h>
 #include <talloc.h>
 #include <stdint.h>
+#include <stdbool.h>
 
-#include "replace.h"
 #include "data_blob.h"
 #include "asn1.h"
 
diff --git a/spnego.c b/spnego.c
index 7f32d7d2efa9..e483e6e1c526 100644
--- a/spnego.c
+++ b/spnego.c
@@ -21,8 +21,8 @@
 
 #include <talloc.h>
 #include <stdint.h>
+#include <stdbool.h>
 
-#include "replace.h"
 #include "data_blob.h"
 #include "asn1.h"
 #include "spnego.h"
-- 
2.9.3

[cifs-utils PATCH 3/8] cifs.upcall: remove need for replace.h

[Jeff Layton]

Take just what we need from replace.h and move it to cifs.upcall.c.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 cifs.upcall.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index f766a8b5799e..cfc926cd9d09 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -49,8 +49,9 @@
 #include <ctype.h>
 #include <pwd.h>
 #include <grp.h>
+#include <stdbool.h>
+#include <errno.h>
 
-#include "replace.h"
 #include "data_blob.h"
 #include "spnego.h"
 #include "cifs_spnego.h"
@@ -68,6 +69,21 @@ typedef enum _sectype {
 	MS_KRB5
 } sectype_t;
 
+/* These macros unify the keyblock handling of Heimdal and MIT somewhat */
+#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
+#define KRB5_KEY_TYPE(k)        ((k)->keytype)
+#define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
+#define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
+#define KRB5_KEY_DATA_CAST      void
+#else /* MIT */
+#define KRB5_KEY_TYPE(k)        ((k)->enctype)
+#define KRB5_KEY_LENGTH(k)      ((k)->length)
+#define KRB5_KEY_DATA(k)        ((k)->contents)
+#define KRB5_KEY_DATA_CAST      krb5_octet
+#endif
+
+#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x = NULL; } } while (0)
+
 #ifdef HAVE_LIBCAP_NG
 static int
 trim_capabilities(bool need_environ)
@@ -434,7 +450,7 @@ cifs_krb5_get_req(const char *host, krb5_ccache ccache,
 	krb5_data apreq_pkt, in_data;
 	krb5_auth_context auth_context = NULL;
 #if defined(HAVE_KRB5_AUTH_CON_SETADDRS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
-	static const uint8_t gss_cksum[24] = { 0x10, 0x00, /* ... */};
+	static char gss_cksum[24] = { 0x10, 0x00, /* ... */};
 #endif
 	memset(&in_creds, 0, sizeof(in_creds));
 
@@ -498,7 +514,7 @@ cifs_krb5_get_req(const char *host, krb5_ccache ccache,
 	 *
 	 * See https://bugzilla.samba.org/show_bug.cgi?id=7890
 	 */
-	in_data.data = discard_const_p(char, gss_cksum);
+	in_data.data = gss_cksum;
 	in_data.length = 24;
 
 	/* MIT krb5 < 1.7 is missing the prototype, but still has the symbol */
-- 
2.9.3

[cifs-utils PATCH 4/8] replace.h: remove it

[Jeff Layton]

Nothing uses it now.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 configure.ac |   2 +-
 replace.h    | 674 -----------------------------------------------------------
 2 files changed, 1 insertion(+), 675 deletions(-)
 delete mode 100644 replace.h

diff --git a/configure.ac b/configure.ac
index 12098e2bda41..78a1215f849d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_INIT([cifs-utils],[6.6.1],[linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org],[cifs-utils],[https://wiki.samba.org/index.php/LinuxCIFS_utils])
-AC_CONFIG_SRCDIR([replace.h])
+AC_CONFIG_SRCDIR([data_blob.h])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_FILES([Makefile contrib/Makefile contrib/request-key.d/Makefile])
 AC_CONFIG_MACRO_DIR(aclocal)
diff --git a/replace.h b/replace.h
deleted file mode 100644
index 03d293704a2e..000000000000
--- a/replace.h
+++ /dev/null
@@ -1,674 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   macros to go along with the lib/replace/ portability layer code
-
-   Copyright (C) Andrew Tridgell 2005
-   Copyright (C) Jelmer Vernooij 2006-2008
-   Copyright (C) Jeremy Allison 2007.
-
-     ** NOTE! The following LGPL license applies to the replace
-     ** library. This does NOT imply that all of Samba is released
-     ** under the LGPL
-
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 3 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this library; if not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _LIBREPLACE_REPLACE_H
-#define _LIBREPLACE_REPLACE_H
-
-#include "config.h"
-
-#ifdef HAVE_STANDARDS_H
-#include <standards.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <errno.h>
-
-#if defined(_MSC_VER) || defined(__MINGW32__)
-#include "win32_replace.h"
-#endif
-
-
-#ifdef HAVE_STDINT_H
-#include <stdint.h>
-/* force off HAVE_INTTYPES_H so that roken doesn't try to include both,
-   which causes a warning storm on irix */
-#undef HAVE_INTTYPES_H
-#elif HAVE_INTTYPES_H
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-#endif
-
-#ifndef __PRI64_PREFIX
-# if __WORDSIZE == 64
-#  define __PRI64_PREFIX	"l"
-# else
-#  define __PRI64_PREFIX	"ll"
-# endif
-#endif
-
-/* Decimal notation.  */
-#ifndef PRId8
-# define PRId8		"d"
-#endif
-#ifndef PRId16
-# define PRId16		"d"
-#endif
-#ifndef PRId32
-# define PRId32		"d"
-#endif
-#ifndef PRId64
-# define PRId64		__PRI64_PREFIX "d"
-#endif
-
-#ifndef PRIi8
-# define PRIi8		"i"
-#endif
-#ifndef PRIi8
-# define PRIi16		"i"
-#endif
-#ifndef PRIi8
-# define PRIi32		"i"
-#endif
-#ifndef PRIi8
-# define PRIi64		__PRI64_PREFIX "i"
-#endif
-
-#ifndef PRIu8
-# define PRIu8		"u"
-#endif
-#ifndef PRIu16
-# define PRIu16		"u"
-#endif
-#ifndef PRIu32
-# define PRIu32		"u"
-#endif
-#ifndef PRIu64
-# define PRIu64		__PRI64_PREFIX "u"
-#endif
-
-#ifdef HAVE_STRING_H
-#include <string.h>
-#endif
-
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-
-#ifndef HAVE_STRERROR
-extern char *sys_errlist[];
-#define strerror(i) sys_errlist[i]
-#endif
-
-#ifndef HAVE_STRDUP
-#define strdup rep_strdup
-char *rep_strdup(const char *s);
-#endif
-
-#ifndef HAVE_MEMMEM
-#define memmem rep_memmem
-void *rep_memmem(const void *haystack, size_t haystacklen,
-		 const void *needle, size_t needlelen);
-#endif
-
-#ifndef HAVE_MKTIME
-#define mktime rep_mktime
-/* prototype is in "system/time.h" */
-#endif
-
-#ifndef HAVE_TIMEGM
-#define timegm rep_timegm
-/* prototype is in "system/time.h" */
-#endif
-
-#ifndef HAVE_UTIME
-#define utime rep_utime
-/* prototype is in "system/time.h" */
-#endif
-
-#ifndef HAVE_UTIMES
-#define utimes rep_utimes
-/* prototype is in "system/time.h" */
-#endif
-
-#if !HAVE_DECL_ENVIRON
-#ifdef __APPLE__
-#include <crt_externs.h>
-#define environ (*_NSGetEnviron())
-#else
-extern char **environ;
-#endif
-#endif
-
-#ifndef HAVE_SETENV
-#define setenv rep_setenv
-int rep_setenv(const char *name, const char *value, int overwrite);
-#else
-#ifndef HAVE_SETENV_DECL
-int setenv(const char *name, const char *value, int overwrite);
-#endif
-#endif
-
-#ifndef HAVE_UNSETENV
-#define unsetenv rep_unsetenv
-int rep_unsetenv(const char *name);
-#endif
-
-#ifndef HAVE_SETEUID
-#define seteuid rep_seteuid
-int rep_seteuid(uid_t);
-#endif
-
-#ifndef HAVE_SETEGID
-#define setegid rep_setegid
-int rep_setegid(gid_t);
-#endif
-
-#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL))
-/* stupid glibc */
-int setresuid(uid_t ruid, uid_t euid, uid_t suid);
-#endif
-#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESGID_DECL))
-int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
-#endif
-
-#ifndef HAVE_CHOWN
-#define chown rep_chown
-int rep_chown(const char *path, uid_t uid, gid_t gid);
-#endif
-
-#ifndef HAVE_CHROOT
-#define chroot rep_chroot
-int rep_chroot(const char *dirname);
-#endif
-
-#ifndef HAVE_LINK
-#define link rep_link
-int rep_link(const char *oldpath, const char *newpath);
-#endif
-
-#ifndef HAVE_READLINK
-#define readlink rep_readlink
-ssize_t rep_readlink(const char *path, char *buf, size_t bufsize);
-#endif
-
-#ifndef HAVE_SYMLINK
-#define symlink rep_symlink
-int rep_symlink(const char *oldpath, const char *newpath);
-#endif
-
-#ifndef HAVE_REALPATH
-#define realpath rep_realpath
-char *rep_realpath(const char *path, char *resolved_path);
-#endif
-
-#ifndef HAVE_LCHOWN
-#define lchown rep_lchown
-int rep_lchown(const char *fname,uid_t uid,gid_t gid);
-#endif
-
-#ifdef HAVE_UNIX_H
-#include <unix.h>
-#endif
-
-#ifndef HAVE_SETLINEBUF
-#define setlinebuf rep_setlinebuf
-void rep_setlinebuf(FILE *);
-#endif
-
-#ifndef HAVE_STRCASESTR
-#define strcasestr rep_strcasestr
-char *rep_strcasestr(const char *haystack, const char *needle);
-#endif
-
-#ifndef HAVE_STRTOLL
-#define strtoll rep_strtoll
-long long int rep_strtoll(const char *str, char **endptr, int base);
-#endif
-
-#ifndef HAVE_STRTOULL
-#define strtoull rep_strtoull
-unsigned long long int rep_strtoull(const char *str, char **endptr, int base);
-#endif
-
-#ifndef HAVE_FTRUNCATE
-#define ftruncate rep_ftruncate
-int rep_ftruncate(int,off_t);
-#endif
-
-#ifndef HAVE_INITGROUPS
-#define initgroups rep_initgroups
-int rep_initgroups(char *name, gid_t id);
-#endif
-
-#ifndef HAVE_DLERROR
-#define dlerror rep_dlerror
-char *rep_dlerror(void);
-#endif
-
-#ifndef HAVE_DLOPEN
-#define dlopen rep_dlopen
-#ifdef DLOPEN_TAKES_UNSIGNED_FLAGS
-void *rep_dlopen(const char *name, unsigned int flags);
-#else
-void *rep_dlopen(const char *name, int flags);
-#endif
-#endif
-
-#ifndef HAVE_DLSYM
-#define dlsym rep_dlsym
-void *rep_dlsym(void *handle, const char *symbol);
-#endif
-
-#ifndef HAVE_DLCLOSE
-#define dlclose rep_dlclose
-int rep_dlclose(void *handle);
-#endif
-
-#ifndef HAVE_SOCKETPAIR
-#define socketpair rep_socketpair
-/* prototype is in system/network.h */
-#endif
-
-#ifndef PRINTF_ATTRIBUTE
-#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 )
-/** Use gcc attribute to check printf fns.  a1 is the 1-based index of
- * the parameter containing the format, and a2 the index of the first
- * argument. Note that some gcc 2.x versions don't handle this
- * properly **/
-#define PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2)))
-#else
-#define PRINTF_ATTRIBUTE(a1, a2)
-#endif
-#endif
-
-#ifndef _DEPRECATED_
-#if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 )
-#define _DEPRECATED_ __attribute__ ((deprecated))
-#else
-#define _DEPRECATED_
-#endif
-#endif
-
-#ifndef HAVE_VASPRINTF
-#define vasprintf rep_vasprintf
-int rep_vasprintf(char **ptr, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0);
-#endif
-
-#define slprintf snprintf
-
-#ifndef HAVE_VA_COPY
-#undef va_copy
-#ifdef HAVE___VA_COPY
-#define va_copy(dest, src) __va_copy(dest, src)
-#else
-#define va_copy(dest, src) (dest) = (src)
-#endif
-#endif
-
-#ifndef HAVE_VOLATILE
-#define volatile
-#endif
-
-#ifndef HAVE_COMPARISON_FN_T
-typedef int (*comparison_fn_t)(const void *, const void *);
-#endif
-
-#ifdef REPLACE_STRPTIME
-#define strptime rep_strptime
-struct tm;
-char *rep_strptime(const char *buf, const char *format, struct tm *tm);
-#endif
-
-#ifndef HAVE_DUP2
-#define dup2 rep_dup2
-int rep_dup2(int oldfd, int newfd);
-#endif
-
-/* Load header file for dynamic linking stuff */
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#ifndef RTLD_LAZY
-#define RTLD_LAZY 0
-#endif
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-#ifndef RTLD_GLOBAL
-#define RTLD_GLOBAL 0
-#endif
-
-#ifndef HAVE_SECURE_MKSTEMP
-#define mkstemp(path) rep_mkstemp(path)
-int rep_mkstemp(char *temp);
-#endif
-
-#ifndef HAVE_MKDTEMP
-#define mkdtemp rep_mkdtemp
-char *rep_mkdtemp(char *template);
-#endif
-
-#ifndef HAVE_PREAD
-#define pread rep_pread
-ssize_t rep_pread(int __fd, void *__buf, size_t __nbytes, off_t __offset);
-#define LIBREPLACE_PREAD_REPLACED 1
-#else
-#define LIBREPLACE_PREAD_NOT_REPLACED 1
-#endif
-
-#ifndef HAVE_PWRITE
-#define pwrite rep_pwrite
-ssize_t rep_pwrite(int __fd, const void *__buf, size_t __nbytes, off_t __offset);
-#define LIBREPLACE_PWRITE_REPLACED 1
-#else
-#define LIBREPLACE_PWRITE_NOT_REPLACED 1
-#endif
-
-#if !defined(HAVE_INET_NTOA) || defined(REPLACE_INET_NTOA)
-#define inet_ntoa rep_inet_ntoa
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_INET_PTON
-#define inet_pton rep_inet_pton
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_INET_NTOP
-#define inet_ntop rep_inet_ntop
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_INET_ATON
-#define inet_aton rep_inet_aton
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_CONNECT
-#define connect rep_connect
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_GETHOSTBYNAME
-#define gethostbyname rep_gethostbyname
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_GETIFADDRS
-#define getifaddrs rep_getifaddrs
-/* prototype is in "system/network.h" */
-#endif
-
-#ifndef HAVE_FREEIFADDRS
-#define freeifaddrs rep_freeifaddrs
-/* prototype is in "system/network.h" */
-#endif
-
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#ifdef HAVE_SYS_PARAM_H
-#include <sys/param.h>
-#endif
-
-/* The extra casts work around common compiler bugs.  */
-#define _TYPE_SIGNED(t) (! ((t) 0 < (t) -1))
-/* The outer cast is needed to work around a bug in Cray C 5.0.3.0.
-   It is necessary at least when t == time_t.  */
-#define _TYPE_MINIMUM(t) ((t) (_TYPE_SIGNED (t) \
-  			      ? ~ (t) 0 << (sizeof (t) * CHAR_BIT - 1) : (t) 0))
-#define _TYPE_MAXIMUM(t) ((t) (~ (t) 0 - _TYPE_MINIMUM (t)))
-
-#ifndef UINT16_MAX
-#define UINT16_MAX 65535
-#endif
-
-#ifndef UINT32_MAX
-#define UINT32_MAX (4294967295U)
-#endif
-
-#ifndef UINT64_MAX
-#define UINT64_MAX ((uint64_t)-1)
-#endif
-
-#ifndef CHAR_BIT
-#define CHAR_BIT 8
-#endif
-
-#ifndef INT32_MAX
-#define INT32_MAX _TYPE_MAXIMUM(int32_t)
-#endif
-
-#ifdef HAVE_STDBOOL_H
-#include <stdbool.h>
-#endif
-
-#if !defined(HAVE_BOOL)
-#ifdef HAVE__BOOL
-#define bool _Bool
-#else
-typedef int bool;
-#endif
-#endif
-
-/*
- * to prevent <rpcsvc/yp_prot.h> from doing a redefine of 'bool'
- *
- * IRIX, HPUX, MacOS 10 and Solaris need BOOL_DEFINED
- * Tru64 needs _BOOL_EXISTS
- * AIX needs _BOOL,_TRUE,_FALSE
- */
-#ifndef BOOL_DEFINED
-#define BOOL_DEFINED
-#endif
-#ifndef _BOOL_EXISTS
-#define _BOOL_EXISTS
-#endif
-#ifndef _BOOL
-#define _BOOL
-#endif
-
-#ifndef __bool_true_false_are_defined
-#define __bool_true_false_are_defined
-#endif
-
-#ifndef true
-#define true (1)
-#endif
-#ifndef false
-#define false (0)
-#endif
-
-#ifndef _TRUE
-#define _TRUE true
-#endif
-#ifndef _FALSE
-#define _FALSE false
-#endif
-
-#ifndef HAVE_FUNCTION_MACRO
-#ifdef HAVE_func_MACRO
-#define __FUNCTION__ __func__
-#else
-#define __FUNCTION__ ("")
-#endif
-#endif
-
-
-#ifndef MIN
-#define MIN(a,b) ((a)<(b)?(a):(b))
-#endif
-
-#ifndef MAX
-#define MAX(a,b) ((a)>(b)?(a):(b))
-#endif
-
-#if !defined(HAVE_VOLATILE)
-#define volatile
-#endif
-
-/**
-  this is a warning hack. The idea is to use this everywhere that we
-  get the "discarding const" warning from gcc. That doesn't actually
-  fix the problem of course, but it means that when we do get to
-  cleaning them up we can do it by searching the code for
-  discard_const.
-
-  It also means that other error types aren't as swamped by the noise
-  of hundreds of const warnings, so we are more likely to notice when
-  we get new errors.
-
-  Please only add more uses of this macro when you find it
-  _really_ hard to fix const warnings. Our aim is to eventually use
-  this function in only a very few places.
-
-  Also, please call this via the discard_const_p() macro interface, as that
-  makes the return type safe.
-*/
-#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
-
-/** Type-safe version of discard_const */
-#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
-
-#ifndef __STRING
-#define __STRING(x)    #x
-#endif
-
-#ifndef __STRINGSTRING
-#define __STRINGSTRING(x) __STRING(x)
-#endif
-
-#ifndef __LINESTR__
-#define __LINESTR__ __STRINGSTRING(__LINE__)
-#endif
-
-#ifndef __location__
-#define __location__ __FILE__ ":" __LINESTR__
-#endif
-
-/** 
- * zero a structure 
- */
-#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
-
-/** 
- * zero a structure given a pointer to the structure 
- */
-#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0)
-
-/** 
- * zero a structure given a pointer to the structure - no zero check 
- */
-#define ZERO_STRUCTPN(x) memset((char *)(x), 0, sizeof(*(x)))
-
-/* zero an array - note that sizeof(array) must work - ie. it must not be a
-   pointer */
-#define ZERO_ARRAY(x) memset((char *)(x), 0, sizeof(x))
-
-/**
- * work out how many elements there are in a static array 
- */
-#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
-
-/** 
- * pointer difference macro 
- */
-#define PTR_DIFF(p1,p2) ((ptrdiff_t)(((const char *)(p1)) - (const char *)(p2)))
-
-#if MMAP_BLACKLIST
-#undef HAVE_MMAP
-#endif
-
-#ifdef __COMPAR_FN_T
-#define QSORT_CAST (__compar_fn_t)
-#endif
-
-#ifndef QSORT_CAST
-#define QSORT_CAST (int (*)(const void *, const void *))
-#endif
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-#ifndef MAX_DNS_NAME_LENGTH
-#define MAX_DNS_NAME_LENGTH 256 /* Actually 255 but +1 for terminating null. */
-#endif
-
-#ifndef HAVE_CRYPT
-char *ufc_crypt(const char *key, const char *salt);
-#define crypt ufc_crypt
-#else
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-#endif
-
-/* these macros gain us a few percent of speed on gcc */
-#if (__GNUC__ >= 3)
-/* the strange !! is to ensure that __builtin_expect() takes either 0 or 1
-   as its first argument */
-#ifndef likely
-#define likely(x)   __builtin_expect(!!(x), 1)
-#endif
-#ifndef unlikely
-#define unlikely(x) __builtin_expect(!!(x), 0)
-#endif
-#else
-#ifndef likely
-#define likely(x) (x)
-#endif
-#ifndef unlikely
-#define unlikely(x) (x)
-#endif
-#endif
-
-#ifndef SAFE_FREE
-#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
-#endif
-
-typedef uint32_t NTSTATUS;
-#define NT_STATUS(x) (x)
-#define NT_STATUS_V(x) (x)
-
-/* These macros unify the keyblock handling of Heimdal and MIT somewhat */
-#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
-#define KRB5_KEY_TYPE(k)        ((k)->keytype)
-#define KRB5_KEY_LENGTH(k)      ((k)->keyvalue.length)
-#define KRB5_KEY_DATA(k)        ((k)->keyvalue.data)
-#define KRB5_KEY_DATA_CAST      void
-#else /* MIT */
-#define KRB5_KEY_TYPE(k)        ((k)->enctype)
-#define KRB5_KEY_LENGTH(k)      ((k)->length)
-#define KRB5_KEY_DATA(k)        ((k)->contents)
-#define KRB5_KEY_DATA_CAST      krb5_octet
-#endif
-
-#endif /* _LIBREPLACE_REPLACE_H */
-- 
2.9.3

[cifs-utils PATCH 5/8] treewide: Eliminate SAFE_FREE

[Jeff Layton]

It just frees and then zeroes out the pointer. That's of dubious
value in the places where it's currently being used. Just use
free() instead.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 cifs.upcall.c | 22 ++++++++++------------
 mount.cifs.c  | 16 +++++-----------
 2 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index cfc926cd9d09..15e1e0f91c22 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -82,8 +82,6 @@ typedef enum _sectype {
 #define KRB5_KEY_DATA_CAST      krb5_octet
 #endif
 
-#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x = NULL; } } while (0)
-
 #ifdef HAVE_LIBCAP_NG
 static int
 trim_capabilities(bool need_environ)
@@ -162,7 +160,7 @@ static char *cifs_krb5_principal_get_realm(krb5_principal principal)
 #if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
 static void krb5_free_unparsed_name(krb5_context context, char *val)
 {
-	SAFE_FREE(val);
+	free(val);
 }
 #endif
 
@@ -650,7 +648,7 @@ decode_key_description(const char *desc, struct decoded_args *arg)
 				len = pos - tkn;
 
 			len -= 5;
-			SAFE_FREE(arg->hostname);
+			free(arg->hostname);
 			arg->hostname = strndup(tkn + 5, len);
 			if (arg->hostname == NULL) {
 				syslog(LOG_ERR, "Unable to allocate memory");
@@ -665,7 +663,7 @@ decode_key_description(const char *desc, struct decoded_args *arg)
 				len = pos - tkn;
 
 			len -= 4;
-			SAFE_FREE(arg->ip);
+			free(arg->ip);
 			arg->ip = strndup(tkn + 4, len);
 			if (arg->ip == NULL) {
 				syslog(LOG_ERR, "Unable to allocate memory");
@@ -680,7 +678,7 @@ decode_key_description(const char *desc, struct decoded_args *arg)
 				len = pos - tkn;
 
 			len -= 5;
-			SAFE_FREE(arg->username);
+			free(arg->username);
 			arg->username = strndup(tkn + 5, len);
 			if (arg->username == NULL) {
 				syslog(LOG_ERR, "Unable to allocate memory");
@@ -968,7 +966,7 @@ int main(const int argc, char *const argv[])
 	}
 
 	have = decode_key_description(buf, &arg);
-	SAFE_FREE(buf);
+	free(buf);
 	if ((have & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
 		syslog(LOG_ERR, "unable to get necessary params from key "
 		       "description (0x%x)", have);
@@ -1207,11 +1205,11 @@ out:
 		krb5_cc_close(context, ccache);
 	if (context)
 		krb5_free_context(context);
-	SAFE_FREE(arg.hostname);
-	SAFE_FREE(arg.ip);
-	SAFE_FREE(arg.username);
-	SAFE_FREE(keydata);
-	SAFE_FREE(env_cachename);
+	free(arg.hostname);
+	free(arg.ip);
+	free(arg.username);
+	free(keydata);
+	free(env_cachename);
 	syslog(LOG_DEBUG, "Exit status %ld", rc);
 	return rc;
 }
diff --git a/mount.cifs.c b/mount.cifs.c
index b2bcb7f16b9f..13b71ef50303 100644
--- a/mount.cifs.c
+++ b/mount.cifs.c
@@ -61,6 +61,7 @@
 #include "mount.h"
 #include "util.h"
 #include "resolve_host.h"
+#include "data_blob.h"
 
 #ifndef MS_MOVE 
 #define MS_MOVE 8192 
@@ -101,13 +102,6 @@
 /* Max password size. */
 #define MOUNT_PASSWD_SIZE 512
 
-
-
-#ifndef SAFE_FREE
-#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x = NULL; } } while (0)
-#endif
-
-
 /*
  * mount.cifs has been the subject of many "security" bugs that have arisen
  * because of users and distributions installing it as a setuid root program
@@ -621,7 +615,7 @@ return_i:
 	/* make sure passwords are scrubbed from memory */
 	if (line_buf != NULL)
 		memset(line_buf, 0, line_buf_size);
-	SAFE_FREE(line_buf);
+	free(line_buf);
 	return i;
 }
 
@@ -1516,7 +1510,7 @@ add_mtab(char *devname, char *mountpoint, unsigned long flags, const char *fstyp
 		rc = EX_FILEIO;
 	}
 	unlock_mtab();
-	SAFE_FREE(mountent.mnt_opts);
+	free(mountent.mnt_opts);
 add_mtab_exit:
 	toggle_dac_capability(1, 0);
 	sigprocmask(SIG_SETMASK, &oldmask, NULL);
@@ -2152,7 +2146,7 @@ mount_exit:
 		memset(parsed_info->password, 0, sizeof(parsed_info->password));
 		munmap(parsed_info, sizeof(*parsed_info));
 	}
-	SAFE_FREE(options);
-	SAFE_FREE(orgoptions);
+	free(options);
+	free(orgoptions);
 	return rc;
 }
-- 
2.9.3

[cifs-utils PATCH 6/8] data_blob: Eliminate _PUBLIC_

[Jeff Layton]

It's defined to nothing anyway.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 data_blob.c |  6 +++---
 data_blob.h | 10 +++-------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/data_blob.c b/data_blob.c
index a884f132bcde..07e54e2c2bcd 100644
--- a/data_blob.c
+++ b/data_blob.c
@@ -37,7 +37,7 @@ const DATA_BLOB data_blob_null = { NULL, 0 };
  construct a data blob, must be freed with data_blob_free()
  you can pass NULL for p and get a blank data blob
 **/
-_PUBLIC_ DATA_BLOB data_blob_named(const void *p, size_t length, const char *name)
+DATA_BLOB data_blob_named(const void *p, size_t length, const char *name)
 {
 	DATA_BLOB ret;
 
@@ -63,7 +63,7 @@ _PUBLIC_ DATA_BLOB data_blob_named(const void *p, size_t length, const char *nam
 /**
  construct a data blob, using supplied TALLOC_CTX
 **/
-_PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, size_t length, const char *name)
+DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, size_t length, const char *name)
 {
 	DATA_BLOB ret = data_blob_named(p, length, name);
 
@@ -76,7 +76,7 @@ _PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, si
 /**
 free a data blob
 **/
-_PUBLIC_ void data_blob_free(DATA_BLOB *d)
+void data_blob_free(DATA_BLOB *d)
 {
 	if (d) {
 		talloc_free(d->data);
diff --git a/data_blob.h b/data_blob.h
index ccdf30d110af..3d961475e9ff 100644
--- a/data_blob.h
+++ b/data_blob.h
@@ -23,10 +23,6 @@
 #ifndef _SAMBA_DATABLOB_H_
 #define _SAMBA_DATABLOB_H_
 
-#ifndef _PUBLIC_
-#define _PUBLIC_
-#endif
-
 #include <talloc.h>
 #include <stdint.h>
 
@@ -53,17 +49,17 @@ struct data_blob_list_item {
  construct a data blob, must be freed with data_blob_free()
  you can pass NULL for p and get a blank data blob
 **/
-_PUBLIC_ DATA_BLOB data_blob_named(const void *p, size_t length, const char *name);
+DATA_BLOB data_blob_named(const void *p, size_t length, const char *name);
 
 /**
  construct a data blob, using supplied TALLOC_CTX
 **/
-_PUBLIC_ DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, size_t length, const char *name);
+DATA_BLOB data_blob_talloc_named(TALLOC_CTX *mem_ctx, const void *p, size_t length, const char *name);
 
 /**
 free a data blob
 **/
-_PUBLIC_ void data_blob_free(DATA_BLOB *d);
+void data_blob_free(DATA_BLOB *d);
 
 extern const DATA_BLOB data_blob_null;
 
-- 
2.9.3

[cifs-utils PATCH 7/8] cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytab

[Jeff Layton]

We don't want to trust $KRB5CCNAME when creating or updating a new
credcache since we could be operating under the wrong credentials.
Always create new credcaches in the default location instead.

Reported-by: Chad William Seys <cwseys-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org>
Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 cifs.upcall.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index 15e1e0f91c22..0c89d7cf40d7 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -379,6 +379,12 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
 
 	memset((char *) &my_creds, 0, sizeof(my_creds));
 
+	/*
+	 * Unset the environment variable, if any. If we're creating our own
+	 * credcache here, stick it in the default location.
+	 */
+	unsetenv(ENV_NAME);
+
 	if (keytab_name)
 		ret = krb5_kt_resolve(context, keytab_name, &keytab);
 	else
-- 
2.9.3

[cifs-utils PATCH 8/8] cifs.upcall: don't do env scraping when uid is 0

[Jeff Layton]

Setuid programs triggering upcalls could trick the program here. Also,
the d_automount method is done with credentials overridden so if you
can end up with mismatched creds and env vars due to that as well.

It's a hack, but the only recourse I can see is to avoid doing this
when the uid is 0. That means we can't rely on finding root credcaches
in alternate locations using $KRB5CCNAME, but I think that's the best
we can do.

Reported-by: Chad William Seys <cwseys-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org>
Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 cifs.upcall.8.in |  5 ++++-
 cifs.upcall.c    | 10 +++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/cifs.upcall.8.in b/cifs.upcall.8.in
index e1f3956e176a..81481a482fb4 100644
--- a/cifs.upcall.8.in
+++ b/cifs.upcall.8.in
@@ -44,7 +44,10 @@ Normally, cifs.upcall will probe the environment variable space of the process
 that initiated the upcall in order to fetch the value of $KRB5CCNAME. This can
 assist the program with finding credential caches in non-default locations. If
 this option is set, then the program won't do this and will rely on finding
-credcaches in the default locations specified in krb5.conf.
+credcaches in the default locations specified in krb5.conf. Note that this is
+never performed when the uid is 0. The default credcache location is always
+used when the uid is 0, regardless of the environment variable setting in the
+process.
 .RE
 .PP
 \--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 0c89d7cf40d7..8545e09611ad 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -1038,11 +1038,19 @@ int main(const int argc, char *const argv[])
 	}
 
 	/*
+	 * We can't reasonably do this for root. Mounting a DFS share, for
+	 * instance we can end up with creds being overridden, but the env
+	 * variable left intact.
+	 */
+	if (uid == 0)
+		env_probe = false;
+
+	/*
 	 * Must do this before setuid, as we need elevated capabilities to
 	 * look at the environ file.
 	 */
 	env_cachename =
-		get_cachename_from_process_env(env_probe ?  arg.pid : 0);
+		get_cachename_from_process_env(env_probe ? arg.pid : 0);
 
 	rc = setuid(uid);
 	if (rc == -1) {
-- 
2.9.3

Re: [cifs-utils PATCH 7/8] cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytab

[Simo Sorce]

On Fri, 2017-02-24 at 09:27 -0500, Jeff Layton wrote:
> We don't want to trust $KRB5CCNAME when creating or updating a new
> credcache since we could be operating under the wrong credentials.
> Always create new credcaches in the default location instead.
> 
> Reported-by: Chad William Seys <cwseys-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org>
> Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
> ---
>  cifs.upcall.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/cifs.upcall.c b/cifs.upcall.c
> index 15e1e0f91c22..0c89d7cf40d7 100644
> --- a/cifs.upcall.c
> +++ b/cifs.upcall.c
> @@ -379,6 +379,12 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
>  
>  	memset((char *) &my_creds, 0, sizeof(my_creds));
>  
> +	/*
> +	 * Unset the environment variable, if any. If we're creating our own
> +	 * credcache here, stick it in the default location.
> +	 */
> +	unsetenv(ENV_NAME);
> +
>  	if (keytab_name)
>  		ret = krb5_kt_resolve(context, keytab_name, &keytab);
>  	else

How long do you need these credentials around for ?
I wonder if using a memory ccache would work here.

Simo.

Re: [cifs-utils PATCH 7/8] cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytab

[Jeff Layton]

On Fri, 2017-02-24 at 09:38 -0500, Simo Sorce wrote:
> On Fri, 2017-02-24 at 09:27 -0500, Jeff Layton wrote:
> > We don't want to trust $KRB5CCNAME when creating or updating a new
> > credcache since we could be operating under the wrong credentials.
> > Always create new credcaches in the default location instead.
> > 
> > Reported-by: Chad William Seys <cwseys-JAjqph6Yjy/rea2nFwT0Kw@public.gmane.org>
> > Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
> > ---
> >  cifs.upcall.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/cifs.upcall.c b/cifs.upcall.c
> > index 15e1e0f91c22..0c89d7cf40d7 100644
> > --- a/cifs.upcall.c
> > +++ b/cifs.upcall.c
> > @@ -379,6 +379,12 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
> >  
> >  	memset((char *) &my_creds, 0, sizeof(my_creds));
> >  
> > +	/*
> > +	 * Unset the environment variable, if any. If we're creating our own
> > +	 * credcache here, stick it in the default location.
> > +	 */
> > +	unsetenv(ENV_NAME);
> > +
> >  	if (keytab_name)
> >  		ret = krb5_kt_resolve(context, keytab_name, &keytab);
> >  	else
> 
> How long do you need these credentials around for ?
> I wonder if using a memory ccache would work here.
> 
> 

Only for as long as the upcall program lasts. A memory cache sounds
like a good idea, actually. Let me ponder that...

[cifs-utils PATCH 9/8] cifs.upcall: use a MEMORY: ccache when instantiating from a keytab

[Jeff Layton]

Using a more permanent ccache is potentially problematic when we're
instantiating a new one. We might be operating under different creds
than expected. Just use a MEMORY: ccache since we don't need it to
last longer than the life of the upcall anyway.

Signed-off-by: Jeff Layton <jlayton-eUNUBHrolfbYtjvyW6yDsg@public.gmane.org>
---
 cifs.upcall.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cifs.upcall.c b/cifs.upcall.c
index e0d372408233..89563fd42adc 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -410,9 +410,9 @@ init_cc_from_keytab(const char *keytab_name, const char *user)
 		goto icfk_cleanup;
 	}
 
-	ret = krb5_cc_default(context, &cc);
+	ret = krb5_cc_resolve(context, "MEMORY:", &cc);
 	if (ret) {
-		syslog(LOG_DEBUG, "krb5_cc_default: %d", (int)ret);
+		syslog(LOG_DEBUG, "krb5_cc_resolve: %d", (int)ret);
 		goto icfk_cleanup;
 	}
 
-- 
2.9.3

Re: [cifs-utils PATCH 0/8] cifs-utils: fix problems with credcaches with overridden process creds

[Jeff Layton]

On Fri, 2017-02-24 at 09:27 -0500, Jeff Layton wrote:
> The main impetus for this set is patch #7, which is a one-liner. #8 may
> be overkill, but I do think that it's the right approach, at least for
> now.
> 
> In order to get all of this to build however, we need to eliminate the
> unsetenv override in replace.h, or add a test for unsetenv. I chose the
> former, so the real patches are preceded by a number of cleanup patches.
> 
> Jeff Layton (8):
>   data_blob: remove need for replace.h
>   spengo.c/asn1.c: remove need for replace.h
>   cifs.upcall: remove need for replace.h
>   replace.h: remove it
>   treewide: Eliminate SAFE_FREE
>   data_blob: Eliminate _PUBLIC_
>   cifs.upcall: unset $KRB5CCNAME when creating new credcache from keytab
>   cifs.upcall: don't do env scraping when uid is 0
> 
>  asn1.c           |   2 +-
>  cifs.upcall.8.in |   5 +-
>  cifs.upcall.c    |  56 +++--
>  configure.ac     |   2 +-
>  data_blob.c      |  11 +-
>  data_blob.h      |  10 +-
>  mount.cifs.c     |  16 +-
>  replace.h        | 674 -------------------------------------------------------
>  spnego.c         |   2 +-
>  9 files changed, 64 insertions(+), 714 deletions(-)
>  delete mode 100644 replace.h
> 

Chad messaged me privately and stated that these patches fixed the
issue he was having. Merged into cifs-utils master branch. This should
make v6.7.

Thanks!