[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Thu Nov 22 10:19:02 UTC 2018
The branch, master has been updated
via 64fbc4c1511 utils: Free host realm after processing
via c73c345f6f4 utils: Free krb5 context for net_lookup_kdc
via 1a6451decfb librpc: Free krb5 context on error
via 7f902798a7f s3: Free principal if smb_krb5_principal_get_realm() fails
via 1295e2b754d README.Coding: Approve DBG statements using dom_sid_str_buf
via a3dd28c6352 smbspool: Free kerberos context on error
via 02514427dba libads: set proper ads_keytab_flush() return code on error
from 88d82b44c32 libsmb: Make cli_notify_send cancellable
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 64fbc4c151158a1bc8864b3db56c79c4367cd7f2
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Nov 21 13:30:08 2018 +0100
utils: Free host realm after processing
In case of error and at the end of processing the list
of realms have to be free'd again.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 22 11:18:41 CET 2018 on sn-devel-144
commit c73c345f6f47cc124109925f87536fdf0febc702
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Nov 21 13:17:38 2018 +0100
utils: Free krb5 context for net_lookup_kdc
In case of an error while processing and at the end of processing
the krb5 conext must be free'd.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1a6451decfbffe10d72ad1c1221a4e9bccf04055
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Nov 21 12:53:30 2018 +0100
librpc: Free krb5 context on error
If the call to krb5_cc_resolve() fails and processing is aborted,
the krb5 conext must be free'd before return.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 7f902798a7f43ea84fb7757ea6b917a4717f99e0
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Nov 21 12:05:24 2018 +0100
s3: Free principal if smb_krb5_principal_get_realm() fails
If smb_krb5_principal_get_realm() fails, procesing is aborted and
resources have to be free'd. In this context free'ing the principal
was missing.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 1295e2b754da6aeb1b5d2c6b07c8cc9afbba21f9
Author: Volker Lendecke <vl at samba.org>
Date: Wed Nov 21 15:58:21 2018 +0100
README.Coding: Approve DBG statements using dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit a3dd28c635206272673ea1f62b35121c7e808db4
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Nov 21 10:21:46 2018 +0100
smbspool: Free kerberos context on error
If processing cannot continue and the function returns
the kerberos context must be free'd.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 02514427dba74325510137655a3788e70e29c82d
Author: Swen Schillig <swen at linux.ibm.com>
Date: Wed Nov 21 10:59:31 2018 +0100
libads: set proper ads_keytab_flush() return code on error
The return code was left on success when the calls to
ads_get_machine_kvno() or ads_clear_service_principal_names()
failed and the processing had to be aborted.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
README.Coding | 16 ++++++++++++++++
source3/client/smbspool.c | 1 +
source3/libads/kerberos_keytab.c | 2 ++
source3/libads/krb5_setpw.c | 1 +
source3/librpc/crypto/gse.c | 4 ++++
source3/utils/net_lookup.c | 12 ++++++++----
6 files changed, 32 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/README.Coding b/README.Coding
index 65d72d6fb73..ac9bcd43065 100644
--- a/README.Coding
+++ b/README.Coding
@@ -432,6 +432,22 @@ an iterator style:
... do something with opt ...
}
+Another exception: DBG messages for example printing a SID or a GUID:
+Here we don't expect any surprise from the printing functions, and the
+main reason of this guideline is to make debugging easier. That reason
+rarely exists for this particular use case, and we gain some
+efficiency because the DBG_ macros don't evaluate their arguments if
+the debuglevel is not high enough.
+
+ if (!NT_STATUS_IS_OK(status)) {
+ struct dom_sid_buf sid_buf;
+ struct GUID_txt_buf guid_buf;
+ DBG_WARNING(
+ "objectSID [%s] for GUID [%s] invalid\n",
+ dom_sid_str_buf(objectsid, &sid_buf),
+ GUID_buf_string(&cache->entries[idx], &guid_buf));
+ }
+
But in general, please try to avoid this pattern.
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 389e4ea553f..58ce6c56177 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -523,6 +523,7 @@ static bool kerberos_ccache_is_valid(void) {
ccache_name = krb5_cc_default_name(ctx);
if (ccache_name == NULL) {
+ krb5_free_context(ctx);
return false;
}
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 8eb7b2a7c6b..792dc999e6c 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -453,6 +453,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
if (kvno == -1) {
/* -1 indicates a failure */
DEBUG(1, (__location__ ": Error determining the kvno.\n"));
+ ret = -1;
goto out;
}
@@ -473,6 +474,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
if (!ADS_ERR_OK(aderr)) {
DEBUG(1, (__location__ ": Error while clearing service "
"principal listings in LDAP.\n"));
+ ret = -1;
goto out;
}
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 8f9098853b9..94dd8eefc92 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -221,6 +221,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
/* We have to obtain an INITIAL changepw ticket for changing password */
if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
+ krb5_free_principal(context, princ);
krb5_get_init_creds_opt_free(context, opts);
smb_krb5_free_addresses(context, addr);
krb5_free_context(context);
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 70e29c27923..2c00ea9bbcb 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -236,6 +236,10 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
err_out:
+ if (gse_ctx->k5ctx) {
+ krb5_free_context(gse_ctx->k5ctx);
+ }
+
TALLOC_FREE(gse_ctx);
return status;
}
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index 05a3dbc6e2b..140f9900795 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -281,6 +281,7 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
krb5_context ctx;
struct ip_service *kdcs;
const char *realm;
+ char **get_host_realms = NULL;
int num_kdcs = 0;
int i;
NTSTATUS status;
@@ -298,20 +299,21 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
} else if (lp_realm() && *lp_realm()) {
realm = lp_realm();
} else {
- char **realms;
-
- rc = krb5_get_host_realm(ctx, NULL, &realms);
+ rc = krb5_get_host_realm(ctx, NULL, &get_host_realms);
if (rc) {
DEBUG(1,("krb5_gethost_realm failed (%s)\n",
error_message(rc)));
+ krb5_free_context(ctx);
return -1;
}
- realm = (const char *) *realms;
+ realm = (const char *) *get_host_realms;
}
status = get_kdc_list(realm, NULL, &kdcs, &num_kdcs);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("get_kdc_list failed (%s)\n", nt_errstr(status)));
+ krb5_free_host_realm(ctx, get_host_realms);
+ krb5_free_context(ctx);
return -1;
}
@@ -323,6 +325,8 @@ static int net_lookup_kdc(struct net_context *c, int argc, const char **argv)
d_printf("%s:%u\n", addr, kdcs[i].port);
}
+ krb5_free_host_realm(ctx, get_host_realms);
+ krb5_free_context(ctx);
return 0;
#endif
DEBUG(1, ("No kerberos support\n"));
--
Samba Shared Repository
More information about the samba-cvs
mailing list