[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Tue Aug 31 15:17:24 MDT 2010


The branch, master has been updated
       via  e5c7ec6 winreg: add winreg_RestoreKeyFlags to IDL.
       via  95f9542 s3-auth: remove global include of krb5pac.h.
       via  16c2d91 s3-printing: add debug to get_correct_cversion().
       via  bf3912b s3-libads: avoid crashing in ads_keytab_list().
       via  d5436c6 s3-auth: remove unused variable in check_sam_security().
       via  d8c9756 s3-kerberos: use more krb5 compat macros in get_mem_keytab_from_secrets().
       via  765bee9 s3-kerberos: use smb_get_enctype_from_kt_entry() in get_mem_keytab_from_secrets().
       via  e26a936 s3-kerberos: use get_kerberos_allowed_etypes in fill_keytab_from_password().
       via  9986d25 s3-kerberos: use krb5 compat macros in fill_keytab_from_password().
       via  3d78279 s3-kerberos: fix flush_keytab() compile with heimdal.
      from  a20e94b Revert "s4/heimdal_build: use GetTimeOfDay macro instead of gettimeofday"

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e5c7ec66982e6d2705c7a103aff5502f441404bb
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 16:58:23 2010 +0200

    winreg: add winreg_RestoreKeyFlags to IDL.
    
    Guenther

commit 95f9542e055d027adeb596a2c67fe48add77033c
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 23:09:39 2010 +0200

    s3-auth: remove global include of krb5pac.h.
    
    Guenther

commit 16c2d9182d0c0ff55eba4d8bce2931b579b00339
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 16:58:54 2010 +0200

    s3-printing: add debug to get_correct_cversion().
    
    Guenther

commit bf3912be46b2cac71a1ff89f548b9e3528872c6c
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 14:27:56 2010 +0200

    s3-libads: avoid crashing in ads_keytab_list().
    
    Heimdal's krb5_kt_start_seq_get() will leave a non 0 fd in the krb5_kt_cursor
    struct when it cannot find a given keytab.
    
    Guenther

commit d5436c650c806bb04424205b1d5c9c699b051d7d
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 17:25:18 2010 +0200

    s3-auth: remove unused variable in check_sam_security().
    
    Guenther

commit d8c9756d539f9a869bd09fb67b3adcbd2a6a0fc0
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 22:28:00 2010 +0200

    s3-kerberos: use more krb5 compat macros in get_mem_keytab_from_secrets().
    
    Guenther

commit 765bee9d7a2ea990db37e7811fe449af3c61e7a0
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 22:27:32 2010 +0200

    s3-kerberos: use smb_get_enctype_from_kt_entry() in
    get_mem_keytab_from_secrets().
    
    Guenther

commit e26a9363335fa0c6e72f46531395bf0f9d950e83
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 11:04:40 2010 +0200

    s3-kerberos: use get_kerberos_allowed_etypes in fill_keytab_from_password().
    
    Guenther

commit 9986d25ed195ee77bd73c96f057c527b4c3a8f03
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 11:00:03 2010 +0200

    s3-kerberos: use krb5 compat macros in fill_keytab_from_password().
    
    Guenther

commit 3d78279fd437a5ef5b4ed7ff88c1f605cd0999d9
Author: Günther Deschner <gd at samba.org>
Date:   Tue Aug 31 11:01:23 2010 +0200

    s3-kerberos: fix flush_keytab() compile with heimdal.
    
    krb5_kt_cursor is not a pointer in heimdal but a struct.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 auth/common_auth.h               |    2 -
 librpc/idl/winreg.idl            |   10 ++++++-
 source3/auth/check_samsec.c      |    2 +-
 source3/auth/user_info.c         |    1 +
 source3/auth/user_krb5.c         |    1 +
 source3/include/proto.h          |    2 +-
 source3/libads/kerberos_keytab.c |    1 +
 source3/librpc/rpc/dcerpc_krb5.c |   51 +++++++++++++++++++------------------
 source3/printing/nt_printing.c   |    1 +
 9 files changed, 41 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/common_auth.h b/auth/common_auth.h
index 4ae5df9..c64b46c 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -17,8 +17,6 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "librpc/gen_ndr/krb5pac.h"
-
 #define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
 #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
 #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT   0x04 /* don't check unix account status */
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index 48fddb7..c5da328 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -281,10 +281,18 @@ import "lsa.idl", "security.idl", "misc.idl";
 
 	/******************/
 	/* Function: 0x13 */
+
+	typedef [public,bitmap32bit] bitmap {
+		REG_WHOLE_HIVE_VOLATILE		= 0x00000001,
+		REG_REFRESH_HIVE 		= 0x00000002,
+		REG_NO_LAZY_FLUSH		= 0x00000004,
+		REG_FORCE_RESTORE		= 0x00000008
+	} winreg_RestoreKeyFlags;
+
 	WERROR winreg_RestoreKey(
 		[in,ref] policy_handle *handle,
 		[in,ref] winreg_String *filename,
-		[in]     uint32 flags 
+		[in]     winreg_RestoreKeyFlags flags
 	);
 
 	/******************/
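Review bot: The `winreg_RestoreKeyFlags` typedef is inserted between the `/* Function: 0x13 */` banner and `winreg_RestoreKey`, so the banner no longer sits directly above the function it numbers. Moving the typedef above the banner would keep the opnum comments lined up with their functions. The bitmap also has no comment saying where the four values are taken from; a one-line comment naming the reference would help the next reader. Because `flags` is an `[in]` parameter, the server-side handler should presumably still reject bits outside the four defined ones, which the IDL type does not enforce by itself.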
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 8460110..299f43a 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -373,7 +373,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
 	NTSTATUS update_login_attempts_status;
 	DATA_BLOB user_sess_key = data_blob_null;
 	DATA_BLOB lm_sess_key = data_blob_null;
-	bool updated_autolock = False, updated_badpw = False;
+	bool updated_badpw = False;
 	const char *username;
 	const uint8_t *nt_pw;
 	const uint8_t *lm_pw;
diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c
index d5319a4..3d4ee08 100644
--- a/source3/auth/user_info.c
+++ b/source3/auth/user_info.c
@@ -18,6 +18,7 @@
 */
 
 #include "includes.h"
+#include "librpc/gen_ndr/samr.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 580e71a..9d6b6a4 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -18,6 +18,7 @@
 */
 
 #include "includes.h"
+#include "librpc/gen_ndr/krb5pac.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7af0d08..a49aa66 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4856,7 +4856,7 @@ const struct mangle_fns *posix_mangle_init(void);
 bool map_username(fstring user);
 
 /* The following definitions come from auth/user_krb5.c  */
-
+struct PAC_LOGON_INFO;
 NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 				     const char *cli_name,
 				     const char *princ_name,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 94698c6..721a8c6 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -756,6 +756,7 @@ int ads_keytab_list(const char *keytab_name)
 
 	ret = krb5_kt_start_seq_get(context, keytab, &cursor);
 	if (ret) {
+		ZERO_STRUCT(cursor);
 		goto out;
 	}
 
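Review bot: The added `ZERO_STRUCT(cursor);` in the failure branch of `krb5_kt_start_seq_get()` carries no comment, and the reason for it exists only in the commit message. A reader of the file will not see why a cursor is cleared right after the call that was supposed to fill it; I would add `/* Heimdal can leave a non-zero fd in the cursor on failure; clear it before the cleanup at out: */` above the line. The `out:` label and what it does with `cursor` are outside this hunk, so the wording should be checked against that cleanup.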
diff --git a/source3/librpc/rpc/dcerpc_krb5.c b/source3/librpc/rpc/dcerpc_krb5.c
index 561259a..2d39a45 100644
--- a/source3/librpc/rpc/dcerpc_krb5.c
+++ b/source3/librpc/rpc/dcerpc_krb5.c
@@ -27,7 +27,7 @@
 static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
 {
 	krb5_error_code ret;
-	krb5_kt_cursor kt_cursor = NULL;
+	krb5_kt_cursor kt_cursor;
 	krb5_keytab_entry kt_entry;
 
 	ZERO_STRUCT(kt_entry);
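Review bot: `kt_cursor` in `flush_keytab()` is now declared without an initializer, and this hunk zeroes only `kt_entry`. If any path inspects or ends the cursor before `krb5_kt_start_seq_get()` has filled it, that code reads indeterminate bytes; adding `ZERO_STRUCT(kt_cursor);` next to `ZERO_STRUCT(kt_entry);` keeps the guarantee the old `= NULL` gave, for both the MIT pointer and the Heimdal struct. The same applies to `get_mem_keytab_from_secrets()` (hunks at -175 and -205): there `ZERO_STRUCT(kt_cursor);` is added only just before the enumeration, while the cleanup after `out:` compares the cursor with a zeroed one, so a `goto out` earlier in the function would hand uninitialised memory to `memcmp()` and possibly to `krb5_kt_end_seq_get()`. Both function bodies continue outside the hunks, so the early exits are assumed rather than visible; moving the zeroing up to the declarations removes the question either way.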
@@ -118,7 +118,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 	krb5_keytab_entry kt_entry;
 	unsigned int i;
 
-	ret = krb5_get_permitted_enctypes(krbctx, &enctypes);
+	ret = get_kerberos_allowed_etypes(krbctx, &enctypes);
 	if (ret) {
 		DEBUG(1, (__location__
 			  ": Can't determine permitted enctypes!\n"));
@@ -128,10 +128,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 	for (i = 0; enctypes[i]; i++) {
 		krb5_keyblock *key = NULL;
 
-		if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
-			ret = ENOMEM;
-			goto out;
-		}
+		key = KRB5_KT_KEY(&kt_entry);
 
 		if (create_kerberos_key_from_string(krbctx, princ,
 						    password, key,
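Review bot: `key` now aliases the keyblock embedded in the stack-allocated `kt_entry` (`key = KRB5_KT_KEY(&kt_entry);`) instead of a heap allocation, which changes ownership for the rest of the loop. Any later release of `key` must free only the keyblock contents, for example `krb5_free_keyblock_contents(krbctx, key);`, because a call that frees the keyblock itself would now be given a pointer into `kt_entry`. The contents also need releasing once per iteration, otherwise the key material derived for the previous enctype is overwritten and left in memory. The remainder of the loop lies outside this hunk, so this needs checking against the code that follows `krb5_kt_add_entry()`.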
@@ -139,13 +136,11 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 			DEBUG(10, ("Failed to create key for enctype %d "
 				   "(error: %s)\n",
 				   enctypes[i], error_message(ret)));
-			SAFE_FREE(key);
 			continue;
 		}
 
 		kt_entry.principal = princ;
 		kt_entry.vno = vno;
-		kt_entry.key = *key;
 
 		ret = krb5_kt_add_entry(krbctx, keytab, &kt_entry);
 		if (ret) {
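Review bot: The `DEBUG(10, ...)` in the failure branch prints `error_message(ret)`, but the visible lines use the result of `create_kerberos_key_from_string()` directly as the `if` condition and never store it in `ret`. At that point `ret` still holds the value of the previous successful call, so the log would show a success string for a failed key derivation. Keeping the result in a local and printing that, e.g. `krb5_error_code kret = create_kerberos_key_from_string(...); if (kret) {`, fixes the message without changing what the loop leaves in `ret`. The tail of the call's argument list falls between the two hunks, so confirm there is no assignment hidden there.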
@@ -175,7 +170,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
 	krb5_error_code ret;
 	char *pwd = NULL;
 	size_t pwd_len;
-	krb5_kt_cursor kt_cursor = NULL;
+	krb5_kt_cursor kt_cursor;
 	krb5_keytab_entry kt_entry;
 	krb5_data password;
 	krb5_principal princ = NULL;
@@ -205,6 +200,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
 	}
 
 	ZERO_STRUCT(kt_entry);
+	ZERO_STRUCT(kt_cursor);
 
 	/* check if the keytab already has any entry */
 	ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor);
@@ -214,7 +210,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
 		 * we can verify if the keytab needs to be upgraded */
 		while ((ret = krb5_kt_next_entry(krbctx, *keytab,
 					   &kt_entry, &kt_cursor)) == 0) {
-			if (kt_entry.key.enctype == CLEARTEXT_PRIV_ENCTYPE) {
+			if (smb_get_enctype_from_kt_entry(&kt_entry) == CLEARTEXT_PRIV_ENCTYPE) {
 				break;
 			}
 			smb_krb5_kt_free_entry(krbctx, &kt_entry);
@@ -232,8 +228,8 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
 			/* found private entry,
 			 * check if keytab is up to date */
 
-			if ((pwd_len == kt_entry.key.length) &&
-			    (memcmp(kt_entry.key.contents,
+			if ((pwd_len == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
+			    (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
 						pwd, pwd_len) == 0)) {
 				/* keytab is already up to date, return */
 				smb_krb5_kt_free_entry(krbctx, &kt_entry);
@@ -254,11 +250,13 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
 		}
 	}
 
-	if (kt_cursor) {
-		/* stop enumeration and free cursor */
-		krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
-		kt_cursor = NULL;
-	}
+	{
+		krb5_kt_cursor zero_csr;
+		ZERO_STRUCT(zero_csr);
+		if ((memcmp(&kt_cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && *keytab) {
+			krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+		}
+        }
 
 	/* keytab is not up to date, fill it up */
 
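Review bot: After `krb5_kt_end_seq_get()` the cursor is no longer reset, whereas the removed code set `kt_cursor = NULL;`. On paths that continue to `out:`, the identical block there (hunk at -315) finds the cursor still non-zero and ends the same enumeration a second time, unless the library happens to clear it. Adding `ZERO_STRUCT(kt_cursor);` directly after the call inside the `if` restores the old behaviour in both places. The block is duplicated verbatim and closes with a space-indented brace in a tab-indented file, so a small static helper would keep the two copies from drifting.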
@@ -297,9 +295,10 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
 	ZERO_STRUCT(kt_entry);
 	kt_entry.principal = princ;
 	kt_entry.vno = 0;
-	kt_entry.key.enctype = CLEARTEXT_PRIV_ENCTYPE;
-	kt_entry.key.length = pwd_len;
-	kt_entry.key.contents = (uint8_t *)pwd;
+
+	KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry)) = CLEARTEXT_PRIV_ENCTYPE;
+	KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = pwd_len;
+	KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = (uint8_t *)pwd;
 
 	ret = krb5_kt_add_entry(krbctx, *keytab, &kt_entry);
 	if (ret) {
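Review bot: The entry built here only borrows its pointers, `kt_entry.principal = princ;` and key data set to `(uint8_t *)pwd`, and nothing in the hunk says so. The cleanup after `out:` (hunk at -315) releases `pwd` with `SAFE_FREE()` and `princ` with `krb5_free_principal()`, so passing this `kt_entry` to `smb_krb5_kt_free_entry()` the way the enumeration code above does would free both twice. I would add `/* kt_entry only borrows princ and pwd; both are freed at out:, do not free the entry */` above the assignments.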
@@ -315,11 +314,13 @@ out:
 	SAFE_FREE(pwd);
 	SAFE_FREE(pwd_old);
 
-	if (kt_cursor) {
-		/* stop enumeration and free cursor */
-		krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
-		kt_cursor = NULL;
-	}
+	{
+		krb5_kt_cursor zero_csr;
+		ZERO_STRUCT(zero_csr);
+		if ((memcmp(&kt_cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && *keytab) {
+			krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+		}
+        }
 
 	if (princ) {
 		krb5_free_principal(krbctx, princ);
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 0b23a97..97899fd 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -642,6 +642,7 @@ static uint32 get_correct_cversion(struct pipes_struct *p,
 
 	nt_status = vfs_file_exist(conn, smb_fname);
 	if (!NT_STATUS_IS_OK(nt_status)) {
+		DEBUG(3,("get_correct_cversion: vfs_file_exist failed\n"));
 		*perr = WERR_BADFILE;
 		goto error_exit;
 	}
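Review bot: The new `DEBUG(3, ...)` message says only that `vfs_file_exist` failed and drops the `nt_status` that explains why. Including it makes the line usable when diagnosing a failed driver version lookup: `DEBUG(3,("get_correct_cversion: vfs_file_exist failed: %s\n", nt_errstr(nt_status)));`. If a printable form of `smb_fname` is available in this file, adding the path would help as well. The function body continues outside the hunk.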


-- 
Samba Shared Repository

