[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Thu Nov 22 10:19:02 UTC 2018 

The branch, master has been updated
       via  64fbc4c1511 utils: Free host realm after processing
       via  c73c345f6f4 utils: Free krb5 context for net_lookup_kdc
       via  1a6451decfb librpc: Free krb5 context on error
       via  7f902798a7f s3: Free principal if smb_krb5_principal_get_realm() fails
       via  1295e2b754d README.Coding: Approve DBG statements using dom_sid_str_buf
       via  a3dd28c6352 smbspool: Free kerberos context on error
       via  02514427dba libads: set proper ads_keytab_flush() return code on error
      from  88d82b44c32 libsmb: Make cli_notify_send cancellable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 64fbc4c151158a1bc8864b3db56c79c4367cd7f2
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Nov 21 13:30:08 2018 +0100

    utils: Free host realm after processing
    
    In case of error and at the end of processing the list
    of realms have to be free'd again.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Thu Nov 22 11:18:41 CET 2018 on sn-devel-144

commit c73c345f6f47cc124109925f87536fdf0febc702
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Nov 21 13:17:38 2018 +0100

    utils: Free krb5 context for net_lookup_kdc
    
    In case of an error while processing and at the end of processing
    the krb5 conext must be free'd.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 1a6451decfbffe10d72ad1c1221a4e9bccf04055
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Nov 21 12:53:30 2018 +0100

    librpc: Free krb5 context on error
    
    If the call to krb5_cc_resolve() fails and processing is aborted,
    the krb5 conext must be free'd before return.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 7f902798a7f43ea84fb7757ea6b917a4717f99e0
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Nov 21 12:05:24 2018 +0100

    s3: Free principal if smb_krb5_principal_get_realm() fails
    
    If smb_krb5_principal_get_realm() fails, procesing is aborted and
    resources have to be free'd. In this context free'ing the principal
    was missing.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 1295e2b754da6aeb1b5d2c6b07c8cc9afbba21f9
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Nov 21 15:58:21 2018 +0100

    README.Coding: Approve DBG statements using dom_sid_str_buf
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit a3dd28c635206272673ea1f62b35121c7e808db4
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Nov 21 10:21:46 2018 +0100

    smbspool: Free kerberos context on error
    
    If processing cannot continue and the function returns
    the kerberos context must be free'd.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 02514427dba74325510137655a3788e70e29c82d
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Wed Nov 21 10:59:31 2018 +0100

    libads: set proper ads_keytab_flush() return code on error
    
    The return code was left on success when the calls to
    ads_get_machine_kvno() or ads_clear_service_principal_names()
    failed and the processing had to be aborted.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 README.Coding                    | 16 ++++++++++++++++
 source3/client/smbspool.c        |  1 +
 source3/libads/kerberos_keytab.c |  2 ++
 source3/libads/krb5_setpw.c      |  1 +
 source3/librpc/crypto/gse.c      |  4 ++++
 source3/utils/net_lookup.c       | 12 ++++++++----
 6 files changed, 32 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/README.Coding b/README.Coding
index 65d72d6fb73..ac9bcd43065 100644
--- a/README.Coding
+++ b/README.Coding
@@ -432,6 +432,22 @@ an iterator style:
 		   ... do something with opt ...
 	}
 
+Another exception: DBG messages for example printing a SID or a GUID:
+Here we don't expect any surprise from the printing functions, and the
+main reason of this guideline is to make debugging easier. That reason
+rarely exists for this particular use case, and we gain some
+efficiency because the DBG_ macros don't evaluate their arguments if
+the debuglevel is not high enough.
+
+	if (!NT_STATUS_IS_OK(status)) {
+		struct dom_sid_buf sid_buf;
+		struct GUID_txt_buf guid_buf;
+		DBG_WARNING(
+		    "objectSID [%s] for GUID [%s] invalid\n",
+		    dom_sid_str_buf(objectsid, &sid_buf),
+		    GUID_buf_string(&cache->entries[idx], &guid_buf));
+	}
+
 But in general, please try to avoid this pattern.
 
 
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 389e4ea553f..58ce6c56177 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -523,6 +523,7 @@ static bool kerberos_ccache_is_valid(void) {
 
 	ccache_name = krb5_cc_default_name(ctx);
 	if (ccache_name == NULL) {
+		krb5_free_context(ctx);
 		return false;
 	}
 
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 8eb7b2a7c6b..792dc999e6c 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -453,6 +453,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 	if (kvno == -1) {
 		/* -1 indicates a failure */
 		DEBUG(1, (__location__ ": Error determining the kvno.\n"));
+		ret = -1;
 		goto out;
 	}
 
@@ -473,6 +474,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 	if (!ADS_ERR_OK(aderr)) {
 		DEBUG(1, (__location__ ": Error while clearing service "
 			  "principal listings in LDAP.\n"));
+		ret = -1;
 		goto out;
 	}
 
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 8f9098853b9..94dd8eefc92 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -221,6 +221,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
 
     /* We have to obtain an INITIAL changepw ticket for changing password */
     if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
+	krb5_free_principal(context, princ);
 	krb5_get_init_creds_opt_free(context, opts);
 	smb_krb5_free_addresses(context, addr);
 	krb5_free_context(context);
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 70e29c27923..2c00ea9bbcb 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -236,6 +236,10 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 
 err_out:
+	if (gse_ctx->k5ctx) {
+		krb5_free_context(gse_ctx->k5ctx);
+	}
+
 	TALLOC_FREE(gse_ctx);
 	return status;
 }
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index 05a3dbc6e2b..140f9900795 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -281,6 +281,7 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
 	krb5_context ctx;
 	struct ip_service *kdcs;
 	const char *realm;
+	char **get_host_realms = NULL;
 	int num_kdcs = 0;
 	int i;
 	NTSTATUS status;
@@ -298,20 +299,21 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
 	} else if (lp_realm() && *lp_realm()) {
 		realm = lp_realm();
 	} else {
-		char **realms;
-
-		rc = krb5_get_host_realm(ctx, NULL, &realms);
+		rc = krb5_get_host_realm(ctx, NULL, &get_host_realms);
 		if (rc) {
 			DEBUG(1,("krb5_gethost_realm failed (%s)\n",
 				 error_message(rc)));
+			krb5_free_context(ctx);
 			return -1;
 		}
-		realm = (const char *) *realms;
+		realm = (const char *) *get_host_realms;
 	}
 
 	status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status)));
+		krb5_free_host_realm(ctx, get_host_realms);
+		krb5_free_context(ctx);
 		return -1;
 	}
 
@@ -323,6 +325,8 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
 		d_printf("%s:%u\n", addr, kdcs[i].port);
 	}
 
+	krb5_free_host_realm(ctx, get_host_realms);
+	krb5_free_context(ctx);
 	return 0;
 #endif
 	DEBUG(1, ("No kerberos support\n"));


-- 
Samba Shared Repository

More information about the samba-cvs mailing list