[SCM] Samba Shared Repository - branch master updated
Christof Schmitt
cs at samba.org
Wed May 7 16:55:03 MDT 2014
The branch, master has been updated
via a5b96ee s3-krb5: Limit search for old kvno to 8bits
from 7736c96 param: Use an explicit talloc_stackframe() in lp_load_ex for clarity and certainty
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a5b96ee5fb97528767fc63aa8e70a314686ee38a
Author: Christof Schmitt <cs at samba.org>
Date: Tue May 6 16:48:07 2014 -0700
s3-krb5: Limit search for old kvno to 8bits
Some keytab files store the kvno only in 8bits. Limit the compare to
8bits, so that we don't miss old keys and delete them. This fixes the
problem that updates to the keytab file removed all previous keys.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Simo Sorce <idra at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu May 8 00:54:15 CEST 2014 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/libads/kerberos_keytab.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 83df088..6a1ba75 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -49,6 +49,7 @@ static krb5_error_code seek_and_delete_old_entries(krb5_context context,
krb5_keytab_entry kt_entry;
krb5_keytab_entry zero_kt_entry;
char *ktprinc = NULL;
+ krb5_kvno old_kvno = kvno - 1;
ZERO_STRUCT(cursor);
ZERO_STRUCT(zero_csr);
@@ -115,12 +116,14 @@ static krb5_error_code seek_and_delete_old_entries(krb5_context context,
* changes, all kerberizied sessions will 'break' until either
* the client reboots or the client's session key expires and
* they get a new session ticket with the new kvno.
+ * Some keytab files only store the kvno in 8bits, limit
+ * the compare accordingly.
*/
- if (!flush && (kt_entry.vno == kvno - 1)) {
+ if (!flush && ((kt_entry.vno & 0xff) == (old_kvno & 0xff))) {
DEBUG(5, (__location__ ": Saving previous (kvno %d) "
"entry for principal: %s.\n",
- kvno - 1, princ_s));
+ old_kvno, princ_s));
continue;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list