[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Oct 12 22:36:03 UTC 2016 

The branch, master has been updated
       via  a5f895a s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
       via  890b1bb s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
       via  2abc371 HEIMDAL:lib/krb5: destroy a memory ccache on reinit
       via  6ec81ca lib: Fix CID 1373623 Dereference after null check
      from  9afdd95 winbindd: Remove now unused cache_methods

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a5f895a53016af71db53967062728fec5bc307ca
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 10 17:07:12 2016 +0200

    s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
    
    Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144

commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 10 17:07:12 2016 +0200

    s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
    
    Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit 2abc3710a8a63327a769ba0482c553ed274b2113
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 10 15:53:26 2016 +0200

    HEIMDAL:lib/krb5: destroy a memory ccache on reinit
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>

commit 6ec81ca3c196f3c4659a4e1c473759b393708d12
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Oct 12 12:35:12 2016 +0200

    lib: Fix CID 1373623 Dereference after null check
    
    We should not overload "p", this is used in the outer loop
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/substitute.c          |  7 +++---
 source3/libads/sasl.c             | 11 ---------
 source4/heimdal/lib/krb5/mcache.c | 52 ++++++++++++++++++++++++++-------------
 3 files changed, 39 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 752f108..bc34c31 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -524,9 +524,10 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
 
 				group_name = gidtoname(pass->pw_gid);
 				if (is_domain_name) {
-					p = strchr_m(group_name, *sep);
-					if (p != NULL) {
-						group_name = p + 1;
+					char *group_sep;
+					group_sep = strchr_m(group_name, *sep);
+					if (group_sep != NULL) {
+						group_name = group_sep + 1;
 					}
 				}
 				a_string = realloc_string_sub(a_string,
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 85a2eb0..39c60c3 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -749,11 +749,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 	if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
 	    got_kerberos_mechanism) 
 	{
-		const char *ccache_name = "MEMORY:ads_sasl_spnego_bind";
-		if (ads->auth.ccache_name != NULL) {
-			ccache_name = ads->auth.ccache_name;
-		}
-
 		if (ads->auth.password == NULL ||
 		    ads->auth.password[0] == '\0')
 		{
@@ -771,7 +766,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 				  "calling kinit\n", ads_errstr(status)));
 		}
 
-		setenv(KRB5_ENV_CCNAME, ccache_name, 1);
 		status = ADS_ERROR_KRB5(ads_kinit_password(ads)); 
 
 		if (ADS_ERR_OK(status)) {
@@ -1027,7 +1021,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 {
 	ADS_STATUS status;
 	struct ads_service_principal p;
-	const char *ccache_name = "MEMORY:ads_sasl_gssapi_do_bind";
 
 	status = ads_generate_service_principal(ads, &p);
 	if (!ADS_ERR_OK(status)) {
@@ -1046,10 +1039,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 			  "calling kinit\n", ads_errstr(status)));
 	}
 
-	if (ads->auth.ccache_name != NULL) {
-		ccache_name = ads->auth.ccache_name;
-	}
-	setenv(KRB5_ENV_CCNAME, ccache_name, 1);
 	status = ADS_ERROR_KRB5(ads_kinit_password(ads));
 
 	if (ADS_ERR_OK(status)) {
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c
index e4b90c1..dc79b87 100644
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
     return 0;
 }
 
+static void KRB5_CALLCONV
+mcc_destroy_internal(krb5_context context,
+		     krb5_mcache *m)
+{
+    struct link *l;
+
+    if (m->primary_principal != NULL) {
+	krb5_free_principal (context, m->primary_principal);
+	m->primary_principal = NULL;
+    }
+    m->dead = 1;
+
+    l = m->creds;
+    while (l != NULL) {
+	struct link *old;
+
+	krb5_free_cred_contents (context, &l->cred);
+	old = l;
+	l = l->next;
+	free (old);
+    }
+
+    m->creds = NULL;
+    return;
+}
+
 static krb5_error_code KRB5_CALLCONV
 mcc_initialize(krb5_context context,
 	       krb5_ccache id,
 	       krb5_principal primary_principal)
 {
     krb5_mcache *m = MCACHE(id);
+    /*
+     * It's important to destroy any existing
+     * creds here, that matches the baheviour
+     * of all other backends and also the
+     * MEMORY: backend in MIT.
+     */
+    mcc_destroy_internal(context, m);
     m->dead = 0;
+    m->kdc_offset = 0;
     m->mtime = time(NULL);
     return krb5_copy_principal (context,
 				primary_principal,
@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context,
 	    krb5_ccache id)
 {
     krb5_mcache **n, *m = MCACHE(id);
-    struct link *l;
 
     if (m->refcnt == 0)
 	krb5_abortx(context, "mcc_destroy: refcnt already 0");
@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context,
 	    }
 	}
 	HEIMDAL_MUTEX_unlock(&mcc_mutex);
-	if (m->primary_principal != NULL) {
-	    krb5_free_principal (context, m->primary_principal);
-	    m->primary_principal = NULL;
-	}
-	m->dead = 1;
-
-	l = m->creds;
-	while (l != NULL) {
-	    struct link *old;
-
-	    krb5_free_cred_contents (context, &l->cred);
-	    old = l;
-	    l = l->next;
-	    free (old);
-	}
-	m->creds = NULL;
+	mcc_destroy_internal(context, m);
     }
     return 0;
 }


-- 
Samba Shared Repository

More information about the samba-cvs mailing list