[SCM] Samba Shared Repository - branch v4-7-test updated

Karolin Seeger kseeger at samba.org
Mon Jun 25 15:17:02 UTC 2018


The branch, v4-7-test has been updated
       via  454f425 heimdal: lib/krb5: do not fail set_config_files due to parse error
       via  cdf16fd krb5_wrap: fix keep_old_entries logic for older kerberos libraries
      from  0b95014 VERSION: Bump version up to 4.7.9...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -----------------------------------------------------------------
commit 454f425048151e52fca2094b99f295935370f858
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date:   Thu Jun 16 16:25:41 2016 -0400

    heimdal: lib/krb5: do not fail set_config_files due to parse error
    
    Follow Apple's lead and do not fail krb5_set_config_files() simply
    because one of the files in the profile list fails to parse correctly.
    Doing so can lead to hard-to-find failures and could lead to an end
    user shooting themselves in the foot and no longer being able to log in
    to their system to fix it.
    
    Parse as many of the files as we can.  Only fail krb5_set_config_files()
    if init_context_from_config_file() fails.
    
    Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8
    
    Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    (cherry picked from commit f05a1554b770c6a2c905170347bfb41157f4aa78)
    
    Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-7-test): Mon Jun 25 17:16:50 CEST 2018 on sn-devel-144

commit cdf16fd98fc765072a14fdfadb92a2004798c498
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jun 19 15:09:41 2018 -0700

    krb5_wrap: fix keep_old_entries logic for older kerberos libraries
    
    MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
    from commit 35b2fb4ff32 resulted in breakage for these kerberos
    versions: 'net ads keytab create' reads a large KVNO from AD, and only
    the lower 8 bits are stored. The next check then removed the entry again
    as the 8 bit value did not match the currently valid KVNO.
    
    Fix this by limiting the check to only 8 bits.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    
    Autobuild-User(master): Christof Schmitt <cs at samba.org>
    Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144
    
    (cherry picked from commit 97eaeea6a130871cfac5be42459380c0c4e0fae6)

-----------------------------------------------------------------------

Summary of changes:
 lib/krb5_wrap/krb5_samba.c             | 2 +-
 source4/heimdal/lib/krb5/config_file.c | 4 ++--
 source4/heimdal/lib/krb5/context.c     | 3 ++-
 3 files changed, 5 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..0ba8aae 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1549,7 +1549,7 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
 		}
 
 		if (!flush &&
-		    (kt_entry.vno == kvno) &&
+		    ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
 		    (kt_entry_enctype != enctype))
 		{
 			DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
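
Review bot: The 0xff mask in the new comparison is applied unconditionally, so with a Kerberos library that stores the full KVNO, an entry whose kvno differs from the current one by a multiple of 256 now compares equal and is saved as if it were current. Consider masking only when the library is known to truncate to 8 bits, or at least add a comment above the condition explaining why both sides are reduced to the low byte, since a bare 0xff gives the next reader no hint that this is a workaround for MIT Kerberos 1.13 and older.
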
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 4ac25ae..f5ddcc9 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -370,11 +370,11 @@ krb5_config_parse_debug (struct fileptr *f,
 	    b = NULL;
 	} else if (*p == '}') {
 	    *err_message = "unmatched }";
-	    return EINVAL;	/* XXX */
+	    return KRB5_CONFIG_BADFORMAT;
 	} else if(*p != '\0') {
 	    if (s == NULL) {
 		*err_message = "binding before section";
-		return EINVAL;
+		return KRB5_CONFIG_BADFORMAT;
 	    }
 	    ret = parse_binding(f, lineno, p, &b, &s->u.list, err_message);
 	    if (ret)
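
Review bot: Only the "unmatched }" and "binding before section" returns are switched to KRB5_CONFIG_BADFORMAT, while the value returned from parse_binding() just below is still passed through as-is. If that path, or any other parse failure in this function, can still yield EINVAL, such a file will continue to make krb5_set_config_files() fail, and the tolerance the commit message describes will depend on which syntax error the file happens to contain. Please confirm that every parse-error return reachable here uses KRB5_CONFIG_BADFORMAT, and that no existing caller relies on EINVAL for these two cases.
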
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 23e3879..770f012 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -646,7 +646,8 @@ krb5_set_config_files(krb5_context context, char **filenames)
     krb5_config_binding *tmp = NULL;
     while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
 	ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
-	if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
+	if (ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM
+	    && ret != KRB5_CONFIG_BADFORMAT) {
 	    krb5_config_file_free(context, tmp);
 	    return ret;
 	}
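
Review bot: With KRB5_CONFIG_BADFORMAT added to the ignored set in this condition, a malformed file is skipped with no trace, so a context can come up without settings an administrator believes are in effect and nothing will indicate why. Suggest emitting a warning that names *filenames and the error before continuing. It would also help to state in a comment whether bindings parsed into tmp before the error are meant to be kept, because the visible lines do not make clear whether a partially parsed file contributes to the final configuration.
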


-- 
Samba Shared Repository


