svn commit: samba r21850 - in branches: SAMBA_3_0/source/libads
SAMBA_3_0_25/source/libads
jra at samba.org
jra at samba.org
Thu Mar 15 22:11:15 GMT 2007
Author: jra
Date: 2007-03-15 22:11:13 +0000 (Thu, 15 Mar 2007)
New Revision: 21850
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=21850
Log:
After Jerry explained to me the HORRIBLE way in which
the MIT gss libraries *SUCK*, move the frees to the end
of the function so MIT doesn't segfault.....
Add a comment so that another engineer knows why I did
this.
Jeremy.
Modified:
branches/SAMBA_3_0/source/libads/sasl.c
branches/SAMBA_3_0_25/source/libads/sasl.c
Changeset:
Modified: branches/SAMBA_3_0/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0/source/libads/sasl.c 2007-03-15 22:09:45 UTC (rev 21849)
+++ branches/SAMBA_3_0/source/libads/sasl.c 2007-03-15 22:11:13 UTC (rev 21850)
@@ -352,12 +352,19 @@
gss_rc = gss_import_name(&minor_status, &input_name, &nt_principal, &serv_name);
- /* We've finished with principal and sname now. */
+ /*
+ * The MIT libraries have a *HORRIBLE* bug - input_value.value needs
+ * to point to the *address* of the krb5_principal, and the gss libraries
+ * to a shallow copy of the krb5_principal pointer - so we need to keep
+ * the krb5_principal around until we do the gss_release_name. MIT *SUCKS* !
+ * Just one more way in which MIT engineers screwed me over.... JRA.
+ */
+
SAFE_FREE(sname);
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
if (gss_rc) {
+ krb5_free_principal(ctx, principal);
+ krb5_free_context(ctx);
return ADS_ERROR_GSS(gss_rc, minor_status);
}
@@ -415,8 +422,6 @@
if (gss_rc == 0) break;
}
- gss_release_name(&minor_status, &serv_name);
-
gss_rc = gss_unwrap(&minor_status,context_handle,&input_token,&output_token,
(int *)&conf_state,NULL);
if (gss_rc) {
@@ -471,6 +476,11 @@
gss_release_buffer(&minor_status, &input_token);
failed:
+
+ gss_release_name(&minor_status, &serv_name);
+ krb5_free_principal(ctx, principal);
+ krb5_free_context(ctx);
+
if(scred)
ber_bvfree(scred);
return status;
Modified: branches/SAMBA_3_0_25/source/libads/sasl.c
===================================================================
--- branches/SAMBA_3_0_25/source/libads/sasl.c 2007-03-15 22:09:45 UTC (rev 21849)
+++ branches/SAMBA_3_0_25/source/libads/sasl.c 2007-03-15 22:11:13 UTC (rev 21850)
@@ -352,12 +352,19 @@
gss_rc = gss_import_name(&minor_status, &input_name, &nt_principal, &serv_name);
- /* We've finished with principal and sname now. */
+ /*
+ * The MIT libraries have a *HORRIBLE* bug - input_value.value needs
+ * to point to the *address* of the krb5_principal, and the gss libraries
+ * to a shallow copy of the krb5_principal pointer - so we need to keep
+ * the krb5_principal around until we do the gss_release_name. MIT *SUCKS* !
+ * Just one more way in which MIT engineers screwed me over.... JRA.
+ */
+
SAFE_FREE(sname);
- krb5_free_principal(ctx, principal);
- krb5_free_context(ctx);
if (gss_rc) {
+ krb5_free_principal(ctx, principal);
+ krb5_free_context(ctx);
return ADS_ERROR_GSS(gss_rc, minor_status);
}
@@ -415,8 +422,6 @@
if (gss_rc == 0) break;
}
- gss_release_name(&minor_status, &serv_name);
-
gss_rc = gss_unwrap(&minor_status,context_handle,&input_token,&output_token,
(int *)&conf_state,NULL);
if (gss_rc) {
@@ -471,6 +476,11 @@
gss_release_buffer(&minor_status, &input_token);
failed:
+
+ gss_release_name(&minor_status, &serv_name);
+ krb5_free_principal(ctx, principal);
+ krb5_free_context(ctx);
+
if(scred)
ber_bvfree(scred);
return status;
More information about the samba-cvs
mailing list