[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Wed Nov 26 23:39:02 MST 2014


The branch, master has been updated
       via  82c0ecb gse_krb5: Avoid a segfault when we can not read the dedicated keytab file
       via  5ab6fa1 lib/param: Allow enum values to also be white-space insentive in comparison
      from  9cef81d wbinfo: create a more comprehensive test for sids2xids

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 82c0ecbb2c45b9a38792ef9e5428522abc3dc71e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Nov 27 17:13:23 2014 +1300

    gse_krb5: Avoid a segfault when we can not read the dedicated keytab file
    
    This improved code simply cleans up the memory as soon as possible,
    rather than using memcmp().  Otherwise, we segfault if
    krb5_kt_start_seq_get fails, as it can set the fd element in the
    handle to -1.
    
    Change-Id: Ib4821ef944a7e12cd8a891ae07dbfc0567c65495
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Nov 27 07:38:02 CET 2014 on sn-devel-104

commit 5ab6fa18a4e5fffd10c46824dbcd04dd87bbf2f4
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Nov 27 17:08:30 2014 +1300

    lib/param: Allow enum values to also be white-space insentive in comparison
    
    This makes it easier to specify these in the --option= syntax on the command line.
    
    Change-Id: I6b2398d79d37407c5d82cd6b540651ede1d09106
    Pair-Programmed-with: Garming Sam <garming at catalyst.net.nz>
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/param/loadparm.c                        |  2 +-
 source3/librpc/crypto/gse_krb5.c            | 41 ++++++-----------------------
 source3/script/tests/test_ntlm_auth_krb5.sh |  1 +
 3 files changed, 10 insertions(+), 34 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 1a60b99..7df4608 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1049,7 +1049,7 @@ bool lp_set_enum_parm( struct parm_struct *parm, const char *pszParmValue,
 	int i;
 
 	for (i = 0; parm->enum_list[i].name; i++) {
-		if ( strequal(pszParmValue, parm->enum_list[i].name)) {
+		if (strwicmp(pszParmValue, parm->enum_list[i].name) == 0) {
 			*ptr = parm->enum_list[i].value;
 			return true;
 		}
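Review bot: The comparison in `lp_set_enum_parm` now ignores whitespace as well as case, and the loop still returns the first entry that matches, but nothing at the `if` says so. A comment such as `/* match ignoring case and whitespace, so values typed without spaces via --option= still select the entry */` above the `strwicmp` line would make the looser matching explicit. If any enum_list holds two names that differ only in spacing, the later one becomes unreachable; the tables are not visible here, so that is worth a quick check, particularly for enums that select authentication or signing behaviour. The function body starts and ends outside this hunk.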
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 43f545a..3597329 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -494,15 +494,12 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx
 	krb5_kt_cursor kt_cursor;
 	krb5_keytab_entry kt_entry;
 
-	ZERO_STRUCT(kt_entry);
-	ZERO_STRUCT(kt_cursor);
-
 	ret = smb_krb5_open_keytab(krbctx, lp_dedicated_keytab_file(),
 				   false, &keytab);
 	if (ret) {
 		DEBUG(1, (__location__ ": smb_krb5_open_keytab failed (%s)\n",
 			  error_message(ret)));
-		goto out;
+		return ret;
 	}
 
 	/*
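Review bot: With both `ZERO_STRUCT` calls removed, `kt_entry` and `kt_cursor` are indeterminate until the keytab calls fill them, and the declarations carry no note of that. A comment such as `/* kt_cursor is valid only after krb5_kt_start_seq_get() succeeds; kt_entry only after krb5_kt_next_entry() returns 0 */` would stop a later cleanup edit from touching them early, which is the class of crash this commit removes. The early `return ret` fits that invariant, assuming `keytab` holds nothing that needs closing when `smb_krb5_open_keytab` fails. The function continues past the end of this hunk.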
@@ -522,43 +519,21 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx
 				   &kt_entry, &kt_cursor) == 0)) {
 
 		ret = krb5_kt_add_entry(krbctx, *mkeytab, &kt_entry);
+
+		/* Free the entry we just read. */
+		smb_krb5_kt_free_entry(krbctx, &kt_entry);
+
 		if (ret) {
 			DEBUG(1, (__location__ ": smb_krb5_unparse_name "
 				  "failed (%s)\n", error_message(ret)));
-			goto out;
+			break;
 		}
-
-		/* Free the entry we just read. */
-		smb_krb5_kt_free_entry(krbctx, &kt_entry);
-		ZERO_STRUCT(kt_entry);
 	}
 	krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
 
-	ZERO_STRUCT(kt_cursor);
-
 out:
-
-	{
-		krb5_keytab_entry zero_kt_entry;
-		ZERO_STRUCT(zero_kt_entry);
-		if (memcmp(&zero_kt_entry, &kt_entry,
-			   sizeof(krb5_keytab_entry))) {
-			smb_krb5_kt_free_entry(krbctx, &kt_entry);
-		}
-	}
-
-	{
-		krb5_kt_cursor zero_csr;
-		ZERO_STRUCT(zero_csr);
-		if ((memcmp(&kt_cursor, &zero_csr,
-			    sizeof(krb5_kt_cursor)) != 0) && keytab) {
-			krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
-		}
-	}
-
-	if (keytab) {
-		krb5_kt_close(krbctx, keytab);
-	}
+	
+	krb5_kt_close(krbctx, keytab);
 
 	return ret;
 }
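Review bot: The DEBUG text inside the loop still reports `smb_krb5_unparse_name failed`, but the result being tested comes from `krb5_kt_add_entry`, so a failure to copy a key into the memory keytab is logged under the wrong function name. Changing the string to `DEBUG(1, (__location__ ": krb5_kt_add_entry "` makes the log usable when diagnosing keytab problems. The unconditional `krb5_kt_close(krbctx, keytab)` after `out:` is only safe if every remaining `goto out` sits after a successful open; those jumps are between the two hunks and not visible here, so that should be confirmed. The added blank line after `out:` also carries a trailing tab.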
diff --git a/source3/script/tests/test_ntlm_auth_krb5.sh b/source3/script/tests/test_ntlm_auth_krb5.sh
index 5989d01..773cb57 100755
--- a/source3/script/tests/test_ntlm_auth_krb5.sh
+++ b/source3/script/tests/test_ntlm_auth_krb5.sh
@@ -27,5 +27,6 @@ export KRB5CCNAME
 
 testit "ntlm_auth with krb5 gss-spnego-client and gss-spnego server" $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --target-hostname=$SERVER --target-service=host --client-helper=gss-spnego-client --server-helper=gss-spnego --server-use-winbindd || failed=`expr $failed + 1`
 
+echo YR| testit "ntlm_auth with krb5 and an invalid keytab" $NTLM_AUTH --helper-protocol=gss-spnego --option=security=ads --option=kerberosmethod='dedicatedkeytab' --option=dedicatedkeytabfile=FILE:`pwd`/$CCACHE.keytab-does-not-exist || failed=`expr $failed + 1`
 
 testok $0 $failed
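Review bot: The new case only exercises a keytab path that does not exist, while the commit title covers any keytab that cannot be read; a file that exists but is unreadable or malformed may fail at a different call and is not covered. The test passes on exit status alone, so it relies on ntlm_auth returning zero for this input, which is worth stating in a comment above the line. Quoting the option, `"--option=dedicatedkeytabfile=FILE:$(pwd)/$CCACHE.keytab-does-not-exist"`, would keep the test working when the build directory path contains spaces.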

