[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Fri Aug 8 11:02:04 MDT 2014 

The branch, master has been updated
       via  0e45b40 s4-auth: Initialize the tokens by default.
       via  abcc290 krb5_wrap: Use com_err in krb5_warnx.
       via  cef0ee2 s4-dsdb/cracknames: free realm from smb_krb5_principal_get_realm().
       via  d9167c3 s3-libads/krb5_setpw: free realm from smb_krb5_principal_get_realm().
       via  496bbd1 lib/krb5_wrap: make sure smb_krb5_principal_get_realm returns a malloced string.
       via  3913961 wscript: Only build gensec_krb5 with heimdal.
      from  1ad71f7 printing: reload printer shares on OpenPrinter

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0e45b4051185ba57de25c1e53cba48b9e5d50c15
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Jul 18 12:57:20 2014 +0200

    s4-auth: Initialize the tokens by default.
    
    Found with valgrind.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Pair-Programmed-With: Guenther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Fri Aug  8 19:01:56 CEST 2014 on sn-devel-104

commit abcc290e9adf06145133868e608c301a3b60e796
Author: Andreas Schneider <asn at samba.org>
Date:   Tue May 20 14:30:16 2014 +0200

    krb5_wrap: Use com_err in krb5_warnx.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit cef0ee28ecae9b7e3126b7f3739501c4c9802ca2
Author: Günther Deschner <gd at samba.org>
Date:   Thu May 15 09:46:21 2014 +0200

    s4-dsdb/cracknames: free realm from smb_krb5_principal_get_realm().
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d9167c3044b9a4ebe0da3d4019eb9fa95242e3b9
Author: Günther Deschner <gd at samba.org>
Date:   Thu May 15 09:45:32 2014 +0200

    s3-libads/krb5_setpw: free realm from smb_krb5_principal_get_realm().
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 496bbd12b3dd388221334bc02a4cff21ef23b752
Author: Günther Deschner <gd at samba.org>
Date:   Thu May 15 09:44:23 2014 +0200

    lib/krb5_wrap: make sure smb_krb5_principal_get_realm returns a malloced string.
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 391396154620ddc897bf918abde69c8aea5046c9
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Aug 7 15:28:57 2014 +0200

    wscript: Only build gensec_krb5 with heimdal.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/krb5_wrap/krb5_samba.c          |   15 ++++++++++-----
 source3/libads/krb5_setpw.c         |    8 +++++---
 source4/auth/gensec/gensec_gssapi.c |    4 +++-
 source4/auth/gensec/wscript_build   |    2 +-
 source4/dsdb/samdb/cracknames.c     |    7 ++++---
 5 files changed, 23 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index a3743ae..39926a6 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -25,6 +25,10 @@
 #include "krb5_samba.h"
 #include "lib/util/asn1.h"
 
+#ifdef HAVE_COM_ERR_H
+#include <com_err.h>
+#endif /* HAVE_COM_ERR_H */
+
 #ifndef KRB5_AUTHDATA_WIN2K_PAC
 #define KRB5_AUTHDATA_WIN2K_PAC 128
 #endif
@@ -2297,19 +2301,21 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
  * @param[in] principal		The principal
  * @return pointer to the realm
  *
+ * Caller must free if the return value is not NULL.
+ *
  */
 
 char *smb_krb5_principal_get_realm(krb5_context context,
 				   krb5_const_principal principal)
 {
 #ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
-	return discard_const_p(char, krb5_principal_get_realm(context, principal));
+	return strdup(discard_const_p(char, krb5_principal_get_realm(context, principal)));
 #elif defined(krb5_princ_realm) /* MIT */
 	krb5_data *realm;
 	realm = krb5_princ_realm(context, principal);
-	return discard_const_p(char, realm->data);
+	return strndup(realm->data, realm->length);
 #else
-	return NULL;
+#error UNKNOWN_GET_PRINC_REALM_FUNCTIONS
 #endif
 }
 
@@ -2607,8 +2613,7 @@ krb5_error_code krb5_warnx(krb5_context context, const char *fmt, ...)
 	va_list args;
 
 	va_start(args, fmt);
-	DEBUG(1,(fmt, args));
-	DEBUGADD(1,("\n"));
+	com_err_va("kdb_samba", errno, fmt, args);
 	va_end(args);
 
 	return 0;
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index d84dd5d..d27e55b 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -575,7 +575,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	ADS_STATUS aret;
 	krb5_error_code ret = 0;
 	krb5_context context = NULL;
-	const char *realm = NULL;
+	char *realm = NULL;
 	unsigned int realm_len = 0;
 	krb5_creds creds, *credsp = NULL;
 	krb5_ccache ccache = NULL;
@@ -615,7 +615,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 				   &creds.server,
 				   realm_len,
 				   realm, "kadmin", "changepw", NULL);
-
+	free(realm);
 	ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
 	if (ret) {
 		krb5_cc_close(context, ccache);
@@ -692,7 +692,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
     krb5_get_init_creds_opt opts;
     krb5_creds creds;
     char *chpw_princ = NULL, *password;
-    const char *realm = NULL;
+    char *realm = NULL;
 
     initialize_krb5_error_table();
     ret = krb5_init_context(&context);
@@ -719,10 +719,12 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
     /* We have to obtain an INITIAL changepw ticket for changing password */
     if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
 	krb5_free_context(context);
+	free(realm);
 	DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
 	return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
     }
 
+    free(realm);
     password = SMB_STRDUP(oldpw);
     ret = krb5_get_init_creds_password(context, &creds, princ, password,
 					   kerb_prompter, NULL, 
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index fdae2a8..91cbfcd 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -425,7 +425,9 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security *gensec_security,
 	NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
 	OM_uint32 maj_stat, min_stat;
 	OM_uint32 min_stat2;
-	gss_buffer_desc input_token, output_token;
+	gss_buffer_desc input_token = { 0, NULL };
+	gss_buffer_desc output_token = { 0, NULL };
+
 	gss_OID gss_oid_p = NULL;
 	OM_uint32 time_req = 0;
 	OM_uint32 time_rec = 0;
diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
index df633d4..1a44a90 100755
--- a/source4/auth/gensec/wscript_build
+++ b/source4/auth/gensec/wscript_build
@@ -11,7 +11,7 @@ bld.SAMBA_MODULE('gensec_krb5',
 	init_function='gensec_krb5_init',
 	deps='samba-credentials authkrb5 com_err gensec_util',
 	internal_module=False,
-        enabled=bld.AD_DC_BUILD_IS_ENABLED()
+        enabled=bld.AD_DC_BUILD_IS_ENABLED() and bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
 	)
 
 
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 5e97efc..7c189d3 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -56,7 +56,7 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
 	krb5_error_code ret;
 	krb5_principal principal;
 	/* perhaps it's a principal with a realm, so return the right 'domain only' response */
-	const char *realm;
+	char *realm;
 	ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
 				    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
 	if (ret) {
@@ -64,11 +64,11 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
 		return WERR_OK;
 	}
 
-	/* This isn't an allocation assignemnt, so it is free'ed with the krb5_free_principal */
 	realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
 
 	info1->dns_domain_name	= talloc_strdup(mem_ctx, realm);
 	krb5_free_principal(smb_krb5_context->krb5_context, principal);
+	free(realm);
 
 	W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
 
@@ -271,7 +271,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 	const char *result_filter = NULL;
 	krb5_error_code ret;
 	krb5_principal principal;
-	const char *realm;
+	char *realm;
 	char *unparsed_name_short;
 	const char *domain_attrs[] = { NULL };
 	struct ldb_result *domain_res = NULL;
@@ -301,6 +301,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 			     ldb_binary_encode_string(mem_ctx, realm),
 			     LDB_OID_COMPARATOR_AND,
 			     SYSTEM_FLAG_CR_NTDS_DOMAIN);
+	free(realm);
 
 	if (ldb_ret != LDB_SUCCESS) {
 		DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));


-- 
Samba Shared Repository

More information about the samba-cvs mailing list