[SCM] Samba Shared Repository - branch v4-7-test updated
Karolin Seeger
kseeger at samba.org
Mon Jun 25 15:17:02 UTC 2018
The branch, v4-7-test has been updated
via 454f425 heimdal: lib/krb5: do not fail set_config_files due to parse error
via cdf16fd krb5_wrap: fix keep_old_entries logic for older kerberos libraries
from 0b95014 VERSION: Bump version up to 4.7.9...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -----------------------------------------------------------------
commit 454f425048151e52fca2094b99f295935370f858
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: Thu Jun 16 16:25:41 2016 -0400
heimdal: lib/krb5: do not fail set_config_files due to parse error
Follow Apple's lead and do not fail krb5_set_config_files() simply
because one of the files in the profile list fails to parse correctly.
Doing so can lead to hard to find failures and could lead to an end
user shooting themselves in the foot and no longer be able to login
to their system to fix it.
Parse as many of the files as we can. Only fail krb5_set_config_files()
if init_context_from_config_file() fails.
Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8
Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit f05a1554b770c6a2c905170347bfb41157f4aa78)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Mon Jun 25 17:16:50 CEST 2018 on sn-devel-144
commit cdf16fd98fc765072a14fdfadb92a2004798c498
Author: Christof Schmitt <cs at samba.org>
Date: Tue Jun 19 15:09:41 2018 -0700
krb5_wrap: fix keep_old_entries logic for older kerberos libraries
MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit 35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.
Fix this by limiting the check to only 8 bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144
(cherry picked from commit 97eaeea6a130871cfac5be42459380c0c4e0fae6)
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/krb5_samba.c | 2 +-
source4/heimdal/lib/krb5/config_file.c | 4 ++--
source4/heimdal/lib/krb5/context.c | 3 ++-
3 files changed, 5 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..0ba8aae 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1549,7 +1549,7 @@ krb5_error_code smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
}
if (!flush &&
- (kt_entry.vno == kvno) &&
+ ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
(kt_entry_enctype != enctype))
{
DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c
index 4ac25ae..f5ddcc9 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -370,11 +370,11 @@ krb5_config_parse_debug (struct fileptr *f,
b = NULL;
} else if (*p == '}') {
*err_message = "unmatched }";
- return EINVAL; /* XXX */
+ return KRB5_CONFIG_BADFORMAT;
} else if(*p != '\0') {
if (s == NULL) {
*err_message = "binding before section";
- return EINVAL;
+ return KRB5_CONFIG_BADFORMAT;
}
ret = parse_binding(f, lineno, p, &b, &s->u.list, err_message);
if (ret)
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 23e3879..770f012 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -646,7 +646,8 @@ krb5_set_config_files(krb5_context context, char **filenames)
krb5_config_binding *tmp = NULL;
while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
- if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
+ if (ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM
+ && ret != KRB5_CONFIG_BADFORMAT) {
krb5_config_file_free(context, tmp);
return ret;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list