[SCM] Samba Shared Repository - branch master updated

Christof Schmitt cs at samba.org
Wed May 7 16:55:03 MDT 2014 

The branch, master has been updated
       via  a5b96ee s3-krb5: Limit search for old kvno to 8bits
      from  7736c96 param: Use an explicit talloc_stackframe() in lp_load_ex for clarity and certainty

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a5b96ee5fb97528767fc63aa8e70a314686ee38a
Author: Christof Schmitt <cs at samba.org>
Date:   Tue May 6 16:48:07 2014 -0700

    s3-krb5: Limit search for old kvno to 8bits
    
    Some keytab files store the kvno only in 8bits. Limit the compare to
    8bits, so that we don't miss old keys and delete them. This fixes the
    problem that updates to the keytab file removed all previous keys.
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Simo Sorce <idra at samba.org>
    
    Autobuild-User(master): Christof Schmitt <cs at samba.org>
    Autobuild-Date(master): Thu May  8 00:54:15 CEST 2014 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/libads/kerberos_keytab.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 83df088..6a1ba75 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -49,6 +49,7 @@ static krb5_error_code seek_and_delete_old_entries(krb5_context context,
 	krb5_keytab_entry kt_entry;
 	krb5_keytab_entry zero_kt_entry;
 	char *ktprinc = NULL;
+	krb5_kvno old_kvno = kvno - 1;
 
 	ZERO_STRUCT(cursor);
 	ZERO_STRUCT(zero_csr);
@@ -115,12 +116,14 @@ static krb5_error_code seek_and_delete_old_entries(krb5_context context,
 		 * changes, all kerberizied sessions will 'break' until either
 		 * the client reboots or the client's session key expires and
 		 * they get a new session ticket with the new kvno.
+		 * Some keytab files only store the kvno in 8bits, limit
+		 * the compare accordingly.
 		 */
 
-		if (!flush && (kt_entry.vno == kvno - 1)) {
+		if (!flush && ((kt_entry.vno & 0xff) == (old_kvno & 0xff))) {
 			DEBUG(5, (__location__ ": Saving previous (kvno %d) "
 				  "entry for principal: %s.\n",
-				  kvno - 1, princ_s));
+				  old_kvno, princ_s));
 			continue;
 		}
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list