[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Fri Feb 10 04:37:03 MST 2012


The branch, master has been updated
       via  d2ccaaa gensec: explain gensec_use_kerberos_mechs() logic
       via  93f3fc5 gensec: set flag to continue in outer for loop in gensec_use_kerberos_mechs
       via  901e3b7 Revert "gensec: Fix a memory corruption in gensec_use_kerberos_mechs"
      from  919440f selftest: mark posix_s3.rpc.spoolss.printer as flakey test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d2ccaaad20a22a5a09f883809945827dabbc65a7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Feb 10 20:54:18 2012 +1100

    gensec: explain gensec_use_kerberos_mechs() logic
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Fri Feb 10 12:36:23 CET 2012 on sn-devel-104

commit 93f3fc54e462958c3bc88ebf586be99fb703347b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Feb 10 08:13:40 2012 +1100

    gensec: set flag to continue in outer for loop in gensec_use_kerberos_mechs
    
    This should be the correct fix for the valgrind error Volker found in
    744ed53a62037a659133ccd4de2065491208ae7d.  This fix avoids putting
    SPNEGO into the list twice when we are in the CRED_DONT_USE_KERBEROS
    case.
    
    Andrew Bartlett

commit 901e3b7246de9bdc07e2b3d88f55917bf2a37377
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Feb 10 08:07:21 2012 +1100

    Revert "gensec: Fix a memory corruption in gensec_use_kerberos_mechs"
    
    This reverts commit 744ed53a62037a659133ccd4de2065491208ae7d.
    
    The real bug here is that the second half of the outer loop should not
    have been run once we found spnego.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/gensec_start.c |   26 ++++++++++++++++++++++----
 1 files changed, 22 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index ab092a7..d3145ec 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -50,7 +50,22 @@ bool gensec_security_ops_enabled(struct gensec_security_ops *ops, struct gensec_
 /* Sometimes we want to force only kerberos, sometimes we want to
  * force it's avoidance.  The old list could be either
  * gensec_security_all(), or from cli_credentials_gensec_list() (ie,
- * an existing list we have trimmed down) */
+ * an existing list we have trimmed down)
+ *
+ * The intended logic is:
+ *
+ * if we are in the default AUTO have kerberos:
+ * - take a reference to the master list
+ * otherwise
+ * - always add spnego then:
+ * - if we 'MUST' have kerberos:
+ *   only add kerberos mechs
+ * - if we 'DONT' want kerberos':
+ *   only add non-kerberos mechs
+ *
+ * Once we get things like NegoEx or moonshot, this will of course get
+ * more compplex.
+ */
 
 _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_ctx,
 						       struct gensec_security_ops **old_gensec_list,
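Review bot: The new block comment has wording problems in the lines that describe the cases: "if we are in the default AUTO have kerberos:" does not parse, "'DONT' want kerberos':" carries a stray trailing quote, and "compplex" in the last sentence is misspelled. Since this comment is now the specification for the function, please tidy those lines. It would also help to state explicitly that the SPNEGO entry is added once and is not subject to the per-mechanism kerberos filtering that follows.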
@@ -75,8 +90,7 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
 		/* noop */
 	}
 
-	new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *,
-				       num_mechs_in*2 + 1);
+	new_gensec_list = talloc_array(mem_ctx, struct gensec_security_ops *, num_mechs_in + 1);
 	if (!new_gensec_list) {
 		return NULL;
 	}
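Review bot: The talloc_array() size of `num_mechs_in + 1` is now exact, so the array is only large enough if every entry of old_gensec_list is stored at most once, with the remaining slot presumably for the NULL terminator. Nothing at this line records that invariant, and it holds only because of the `continue` added in the loop below. Please add a short comment here saying so, or check that j stays within num_mechs_in before each store, so a later change to the loop cannot turn this back into a write past the end of the array.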
@@ -84,14 +98,18 @@ _PUBLIC_ struct gensec_security_ops **gensec_use_kerberos_mechs(TALLOC_CTX *mem_
 	j = 0;
 	for (i=0; old_gensec_list && old_gensec_list[i]; i++) {
 		int oid_idx;
-
+		bool found_spnego = false;
 		for (oid_idx = 0; old_gensec_list[i]->oid && old_gensec_list[i]->oid[oid_idx]; oid_idx++) {
 			if (strcmp(old_gensec_list[i]->oid[oid_idx], GENSEC_OID_SPNEGO) == 0) {
 				new_gensec_list[j] = old_gensec_list[i];
 				j++;
+				found_spnego = true;
 				break;
 			}
 		}
+		if (found_spnego) {
+			continue;
+		}
 		switch (use_kerberos) {
 		case CRED_DONT_USE_KERBEROS:
 			if (old_gensec_list[i]->kerberos == false) {
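Review bot: The `if (found_spnego) { continue; }` block needs a comment, because it is the only thing preventing an entry that was already stored as SPNEGO from being stored a second time by the switch on use_kerberos, and the reduced array size depends on it. One line such as "already added above, do not apply the kerberos filter to SPNEGO" would make that clear. As a style point, `bool found_spnego = false;` replaced the blank line that separated the declarations from the inner for loop; please keep a blank line after the declarations.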


-- 
Samba Shared Repository

