[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Tue Aug 31 15:17:24 MDT 2010
The branch, master has been updated
via e5c7ec6 winreg: add winreg_RestoreKeyFlags to IDL.
via 95f9542 s3-auth: remove global include of krb5pac.h.
via 16c2d91 s3-printing: add debug to get_correct_cversion().
via bf3912b s3-libads: avoid crashing in ads_keytab_list().
via d5436c6 s3-auth: remove unused variable in check_sam_security().
via d8c9756 s3-kerberos: use more krb5 compat macros in get_mem_keytab_from_secrets().
via 765bee9 s3-kerberos: use smb_get_enctype_from_kt_entry() in get_mem_keytab_from_secrets().
via e26a936 s3-kerberos: use get_kerberos_allowed_etypes in fill_keytab_from_password().
via 9986d25 s3-kerberos: use krb5 compat macros in fill_keytab_from_password().
via 3d78279 s3-kerberos: fix flush_keytab() compile with heimdal.
from a20e94b Revert "s4/heimdal_build: use GetTimeOfDay macro instead of gettimeofday"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e5c7ec66982e6d2705c7a103aff5502f441404bb
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 16:58:23 2010 +0200
winreg: add winreg_RestoreKeyFlags to IDL.
Guenther
commit 95f9542e055d027adeb596a2c67fe48add77033c
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 23:09:39 2010 +0200
s3-auth: remove global include of krb5pac.h.
Guenther
commit 16c2d9182d0c0ff55eba4d8bce2931b579b00339
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 16:58:54 2010 +0200
s3-printing: add debug to get_correct_cversion().
Guenther
commit bf3912be46b2cac71a1ff89f548b9e3528872c6c
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 14:27:56 2010 +0200
s3-libads: avoid crashing in ads_keytab_list().
Heimdal's krb5_kt_start_seq_get() will leave a non 0 fd in the krb5_kt_cursor
struct when it cannot find a given keytab.
Guenther
commit d5436c650c806bb04424205b1d5c9c699b051d7d
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 17:25:18 2010 +0200
s3-auth: remove unused variable in check_sam_security().
Guenther
commit d8c9756d539f9a869bd09fb67b3adcbd2a6a0fc0
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 22:28:00 2010 +0200
s3-kerberos: use more krb5 compat macros in get_mem_keytab_from_secrets().
Guenther
commit 765bee9d7a2ea990db37e7811fe449af3c61e7a0
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 22:27:32 2010 +0200
s3-kerberos: use smb_get_enctype_from_kt_entry() in
get_mem_keytab_from_secrets().
Guenther
commit e26a9363335fa0c6e72f46531395bf0f9d950e83
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 11:04:40 2010 +0200
s3-kerberos: use get_kerberos_allowed_etypes in fill_keytab_from_password().
Guenther
commit 9986d25ed195ee77bd73c96f057c527b4c3a8f03
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 11:00:03 2010 +0200
s3-kerberos: use krb5 compat macros in fill_keytab_from_password().
Guenther
commit 3d78279fd437a5ef5b4ed7ff88c1f605cd0999d9
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 31 11:01:23 2010 +0200
s3-kerberos: fix flush_keytab() compile with heimdal.
krb5_kt_cursor is not a pointer in heimdal but a struct.
Guenther
-----------------------------------------------------------------------
Summary of changes:
auth/common_auth.h | 2 -
librpc/idl/winreg.idl | 10 ++++++-
source3/auth/check_samsec.c | 2 +-
source3/auth/user_info.c | 1 +
source3/auth/user_krb5.c | 1 +
source3/include/proto.h | 2 +-
source3/libads/kerberos_keytab.c | 1 +
source3/librpc/rpc/dcerpc_krb5.c | 51 +++++++++++++++++++------------------
source3/printing/nt_printing.c | 1 +
9 files changed, 41 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/common_auth.h b/auth/common_auth.h
index 4ae5df9..c64b46c 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -17,8 +17,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "librpc/gen_ndr/krb5pac.h"
-
#define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
#define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
#define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* don't check unix account status */
diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl
index 48fddb7..c5da328 100644
--- a/librpc/idl/winreg.idl
+++ b/librpc/idl/winreg.idl
@@ -281,10 +281,18 @@ import "lsa.idl", "security.idl", "misc.idl";
/******************/
/* Function: 0x13 */
+
+ typedef [public,bitmap32bit] bitmap {
+ REG_WHOLE_HIVE_VOLATILE = 0x00000001,
+ REG_REFRESH_HIVE = 0x00000002,
+ REG_NO_LAZY_FLUSH = 0x00000004,
+ REG_FORCE_RESTORE = 0x00000008
+ } winreg_RestoreKeyFlags;
+
WERROR winreg_RestoreKey(
[in,ref] policy_handle *handle,
[in,ref] winreg_String *filename,
- [in] uint32 flags
+ [in] winreg_RestoreKeyFlags flags
);
/******************/
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 8460110..299f43a 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -373,7 +373,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
NTSTATUS update_login_attempts_status;
DATA_BLOB user_sess_key = data_blob_null;
DATA_BLOB lm_sess_key = data_blob_null;
- bool updated_autolock = False, updated_badpw = False;
+ bool updated_badpw = False;
const char *username;
const uint8_t *nt_pw;
const uint8_t *lm_pw;
diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c
index d5319a4..3d4ee08 100644
--- a/source3/auth/user_info.c
+++ b/source3/auth/user_info.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/samr.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 580e71a..9d6b6a4 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "librpc/gen_ndr/krb5pac.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7af0d08..a49aa66 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4856,7 +4856,7 @@ const struct mangle_fns *posix_mangle_init(void);
bool map_username(fstring user);
/* The following definitions come from auth/user_krb5.c */
-
+struct PAC_LOGON_INFO;
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
const char *cli_name,
const char *princ_name,
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 94698c6..721a8c6 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -756,6 +756,7 @@ int ads_keytab_list(const char *keytab_name)
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if (ret) {
+ ZERO_STRUCT(cursor);
goto out;
}
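Review bot: The added `ZERO_STRUCT(cursor);` in the failure branch of krb5_kt_start_seq_get() carries no comment, so the reason for clearing a cursor that was never opened lives only in the commit message. I would put `/* Heimdal can leave a non-zero fd in the cursor when the keytab is not found; clear it before cleanup looks at it */` directly above it. The `out:` label and the code that inspects the cursor are outside this hunk, so it is presumed that cleanup keys off a zero cursor. It is also worth confirming that cursor is zeroed before the call, so that earlier `goto out` paths are covered too.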
diff --git a/source3/librpc/rpc/dcerpc_krb5.c b/source3/librpc/rpc/dcerpc_krb5.c
index 561259a..2d39a45 100644
--- a/source3/librpc/rpc/dcerpc_krb5.c
+++ b/source3/librpc/rpc/dcerpc_krb5.c
@@ -27,7 +27,7 @@
static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
{
krb5_error_code ret;
- krb5_kt_cursor kt_cursor = NULL;
+ krb5_kt_cursor kt_cursor;
krb5_keytab_entry kt_entry;
ZERO_STRUCT(kt_entry);
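Review bot: `kt_cursor` in flush_keytab() is now declared without an initializer, and this hunk shows only `ZERO_STRUCT(kt_entry);`, so the cursor is indeterminate until krb5_kt_start_seq_get() fills it. Adding `ZERO_STRUCT(kt_cursor);` beside the existing ZERO_STRUCT would restore the known state that `= NULL` used to give. The same applies to get_mem_keytab_from_secrets(): the hunk at -175 drops the initializer, and the `ZERO_STRUCT(kt_cursor);` added at -205 comes only after earlier code. Its `out:` block compares the cursor with a zeroed one, so a `goto out` taken before that point would memcmp uninitialised stack and could pass it to krb5_kt_end_seq_get(). Both function bodies extend outside the hunks, so whether such an early exit exists has to be checked in the file.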
@@ -118,7 +118,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
krb5_keytab_entry kt_entry;
unsigned int i;
- ret = krb5_get_permitted_enctypes(krbctx, &enctypes);
+ ret = get_kerberos_allowed_etypes(krbctx, &enctypes);
if (ret) {
DEBUG(1, (__location__
": Can't determine permitted enctypes!\n"));
@@ -128,10 +128,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
for (i = 0; enctypes[i]; i++) {
krb5_keyblock *key = NULL;
- if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
- ret = ENOMEM;
- goto out;
- }
+ key = KRB5_KT_KEY(&kt_entry);
if (create_kerberos_key_from_string(krbctx, princ,
password, key,
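Review bot: With `key = KRB5_KT_KEY(&kt_entry);` the pointer now aliases storage inside `kt_entry` instead of a heap object, so any later release of `key` must free only the key contents, never the keyblock itself. If the code after krb5_kt_add_entry() still frees the keyblock, it would be handing free() an address inside a stack struct; `krb5_free_keyblock_contents(krbctx, key);` is the form that fits the new ownership. That part of the loop is outside this hunk, so this cannot be confirmed from here. A one-line comment such as `/* key points into kt_entry; free contents only */` at the assignment would make the ownership explicit. It is also worth checking that kt_entry is zeroed before the loop, so that a failed key derivation never leaves stale key bytes from a previous enctype in the entry.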
@@ -139,13 +136,11 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
DEBUG(10, ("Failed to create key for enctype %d "
"(error: %s)\n",
enctypes[i], error_message(ret)));
- SAFE_FREE(key);
continue;
}
kt_entry.principal = princ;
kt_entry.vno = vno;
- kt_entry.key = *key;
ret = krb5_kt_add_entry(krbctx, keytab, &kt_entry);
if (ret) {
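Review bot: The failure message for create_kerberos_key_from_string() prints `error_message(ret)`, but the call is used directly as the `if` condition and never assigned to `ret`. From the visible lines, `ret` still holds the result of get_kerberos_allowed_etypes(), which is 0 on this path, so the log reports a success string for a failed key derivation. Either drop the `(error: %s)` part or capture the result first, e.g. `ret = create_kerberos_key_from_string(...); if (ret) {`, resetting `ret` before `continue` if a skipped enctype must not become the function's return value. The tail of the `if` condition falls between two hunks, so this reading should be confirmed against the file.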
@@ -175,7 +170,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
krb5_error_code ret;
char *pwd = NULL;
size_t pwd_len;
- krb5_kt_cursor kt_cursor = NULL;
+ krb5_kt_cursor kt_cursor;
krb5_keytab_entry kt_entry;
krb5_data password;
krb5_principal princ = NULL;
@@ -205,6 +200,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
}
ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(kt_cursor);
/* check if the keytab already has any entry */
ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor);
@@ -214,7 +210,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
* we can verify if the keytab needs to be upgraded */
while ((ret = krb5_kt_next_entry(krbctx, *keytab,
&kt_entry, &kt_cursor)) == 0) {
- if (kt_entry.key.enctype == CLEARTEXT_PRIV_ENCTYPE) {
+ if (smb_get_enctype_from_kt_entry(&kt_entry) == CLEARTEXT_PRIV_ENCTYPE) {
break;
}
smb_krb5_kt_free_entry(krbctx, &kt_entry);
@@ -232,8 +228,8 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
/* found private entry,
* check if keytab is up to date */
- if ((pwd_len == kt_entry.key.length) &&
- (memcmp(kt_entry.key.contents,
+ if ((pwd_len == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
+ (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
pwd, pwd_len) == 0)) {
/* keytab is already up to date, return */
smb_krb5_kt_free_entry(krbctx, &kt_entry);
@@ -254,11 +250,13 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
}
}
- if (kt_cursor) {
- /* stop enumeration and free cursor */
- krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
- kt_cursor = NULL;
- }
+ {
+ krb5_kt_cursor zero_csr;
+ ZERO_STRUCT(zero_csr);
+ if ((memcmp(&kt_cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && *keytab) {
+ krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+ }
+ }
/* keytab is not up to date, fill it up */
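Review bot: The old code set `kt_cursor = NULL` after krb5_kt_end_seq_get(), but the replacement block ends the enumeration and leaves the cursor bytes as they were. The identical block at `out:` (hunk at -315) will then see a non-zero cursor and call krb5_kt_end_seq_get() a second time on the same cursor, unless the library happens to clear it. With a struct cursor that holds an fd, that is a double close or double free. Adding `ZERO_STRUCT(kt_cursor);` right after the `krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);` call restores the old behaviour, in both copies for symmetry. Since the block is duplicated verbatim, a small static helper taking `&kt_cursor` would keep the two sites from drifting apart.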
@@ -297,9 +295,10 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
ZERO_STRUCT(kt_entry);
kt_entry.principal = princ;
kt_entry.vno = 0;
- kt_entry.key.enctype = CLEARTEXT_PRIV_ENCTYPE;
- kt_entry.key.length = pwd_len;
- kt_entry.key.contents = (uint8_t *)pwd;
+
+ KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry)) = CLEARTEXT_PRIV_ENCTYPE;
+ KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = pwd_len;
+ KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = (uint8_t *)pwd;
ret = krb5_kt_add_entry(krbctx, *keytab, &kt_entry);
if (ret) {
@@ -315,11 +314,13 @@ out:
SAFE_FREE(pwd);
SAFE_FREE(pwd_old);
- if (kt_cursor) {
- /* stop enumeration and free cursor */
- krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
- kt_cursor = NULL;
- }
+ {
+ krb5_kt_cursor zero_csr;
+ ZERO_STRUCT(zero_csr);
+ if ((memcmp(&kt_cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && *keytab) {
+ krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+ }
+ }
if (princ) {
krb5_free_principal(krbctx, princ);
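Review bot: `SAFE_FREE(pwd);` at the top of this cleanup releases the buffer that the earlier hunk stores as the CLEARTEXT_PRIV_ENCTYPE key, so it holds the cleartext secret, and it is freed without being wiped. `pwd_old` presumably holds the previous password and gets the same treatment. I would overwrite both buffers before freeing them, using a clear the compiler cannot elide rather than a plain memset. `pwd_len` is only meaningful once `pwd` has been fetched, so the wipe needs a NULL check. The function continues outside this hunk on both sides.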
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 0b23a97..97899fd 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -642,6 +642,7 @@ static uint32 get_correct_cversion(struct pipes_struct *p,
nt_status = vfs_file_exist(conn, smb_fname);
if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(3,("get_correct_cversion: vfs_file_exist failed\n"));
*perr = WERR_BADFILE;
goto error_exit;
}
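Review bot: The new `DEBUG(3,("get_correct_cversion: vfs_file_exist failed\n"));` records that the check failed but not why or for which file, which limits its use when tracing a rejected driver upload from the logs. Including the status would cost nothing: `DEBUG(3,("get_correct_cversion: vfs_file_exist failed: %s\n", nt_errstr(nt_status)));`. Adding the driver path would help as well if the tree has a debug-string helper for `smb_fname`. The function body continues outside this hunk.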
--
Samba Shared Repository