[SCM] Samba Shared Repository - branch master updated

Günther Deschner gd at samba.org
Fri Oct 2 05:30:03 UTC 2015 

The branch, master has been updated
       via  6755376 kerberos: make sure we only use prompter type when available.
      from  e524ab9 winbind: Fix 100% loop

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6755376cedaf0c88230b47e04c584c7d9fce13e3
Author: Günther Deschner <gd at samba.org>
Date:   Fri Oct 2 04:23:59 2015 +0200

    kerberos: make sure we only use prompter type when available.
    
    We also verified that we cannot simply remove the prompter as several older
    versions of Heimdal would crash.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Fri Oct  2 07:29:43 CEST 2015 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/libads/kerberos.c               | 12 +++++++++++-
 source4/heimdal_build/wscript_configure |  1 +
 wscript_configure_system_mitkrb5        |  2 ++
 3 files changed, 14 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 7fe864b..9a7a1e7 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -47,6 +47,16 @@ kerb_prompter(krb5_context ctx, void *data,
 	       krb5_prompt prompts[])
 {
 	if (num_prompts == 0) return 0;
+#if HAVE_KRB5_PROMPT_TYPE
+
+	/*
+	 * only heimdal has a prompt type and we need to deal with it here to
+	 * avoid loops.
+	 *
+	 * removing the prompter completely is not an option as at least these
+	 * versions would crash: heimdal-1.0.2 and heimdal-1.1. Later heimdal
+	 * version have looping detection and return with a proper error code.
+	 */
 
 	if ((num_prompts == 2) &&
 	    (prompts[0].type == KRB5_PROMPT_TYPE_NEW_PASSWORD) &&
@@ -63,7 +73,7 @@ kerb_prompter(krb5_context ctx, void *data,
 		 */
 		return KRB5KDC_ERR_KEY_EXPIRED;
 	}
-
+#endif /* HAVE_KRB5_PROMPT_TYPE */
 	memset(prompts[0].reply->data, '\0', prompts[0].reply->length);
 	if (prompts[0].reply->length > 0) {
 		if (data) {
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 710a53d..2635b8a 100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -168,6 +168,7 @@ conf.define('HAVE_KRB5_PRINCIPAL_SET_REALM', 1)
 conf.define('HAVE_KRB5_PRINCIPAL_SET_TYPE', 1)
 conf.define('HAVE_KRB5_PRINCIPAL_GET_TYPE', 1)
 conf.define('HAVE_KRB5_WARNX', 1)
+conf.define('HAVE_KRB5_PROMPT_TYPE', 1)
 
 heimdal_includedirs = []
 heimdal_libdirs = []
diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
index 351e9d8..4b3a69f 100644
--- a/wscript_configure_system_mitkrb5
+++ b/wscript_configure_system_mitkrb5
@@ -137,6 +137,8 @@ conf.CHECK_STRUCTURE_MEMBER('krb5_address', 'addrtype', headers='krb5.h',
                             define='HAVE_ADDRTYPE_IN_KRB5_ADDRESS')
 conf.CHECK_STRUCTURE_MEMBER('krb5_ap_req', 'ticket', headers='krb5.h',
                             define='HAVE_TICKET_POINTER_IN_KRB5_AP_REQ')
+conf.CHECK_STRUCTURE_MEMBER('krb5_prompt', 'type', headers='krb5.h',
+                            define='HAVE_KRB5_PROMPT_TYPE')
 
 conf.CHECK_TYPE('krb5_encrypt_block', headers='krb5.h')
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list