[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Dec 9 14:15:02 UTC 2021
The branch, master has been updated
via e2b7a2f7811 s4-auth: Remove unused headers
via 1bacf26d30a auth/credentials: Fix cli_credentials_shallow_ccache error case
via ce293eb861b auth/credentials: Handle ENOENT when obtaining ccache lifetime
from 102ad9ee6a0 librpc: match gensec_gssapi and call gsskrb5_set_dns_canonicalize() for Heimdal
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e2b7a2f78117e20739aa4f895ce68825e160d451
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Dec 8 15:30:02 2021 +1300
s4-auth: Remove unused headers
These changes were submitted in a patch by
Stefan Metzmacher <metze at samba.org> in his lorikeet-heimdal
import branch of patches to upgrade to a modern Heimdal.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 9 14:14:12 UTC 2021 on sn-devel-184
commit 1bacf26d30adc89348786bff7b9e2fe6d6f43856
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 15:29:32 2020 +0200
auth/credentials: Fix cli_credentials_shallow_ccache error case
Avoid dangling values if something fails...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit ce293eb861b2fc6c7a88cf67664c91735bf49d44
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 15:27:45 2020 +0200
auth/credentials: Handle ENOENT when obtaining ccache lifetime
The new Heimdal may return ENOENT instead of KRB5_CC_END.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_krb5.c | 13 +++++++++----
source4/auth/kerberos/kerberos.h | 1 -
source4/auth/kerberos/krb5_init_context.c | 1 -
3 files changed, 9 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index d2e7a76a69e..e69e1a83b3c 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -686,7 +686,7 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred,
bool expired = false;
ret = smb_krb5_cc_get_lifetime(cred->ccache->smb_krb5_context->krb5_context,
cred->ccache->ccache, &lifetime);
- if (ret == KRB5_CC_END) {
+ if (ret == KRB5_CC_END || ret == ENOENT) {
/* If we have a particular ccache set, without
* an initial ticket, then assume there is a
* good reason */
@@ -1060,15 +1060,22 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
{
krb5_error_code ret;
const struct ccache_container *old_ccc = NULL;
+ enum credentials_obtained old_obtained;
struct ccache_container *ccc = NULL;
char *ccache_name = NULL;
krb5_principal princ;
+ old_obtained = cred->ccache_obtained;
old_ccc = cred->ccache;
if (old_ccc == NULL) {
return 0;
}
+ cred->ccache = NULL;
+ cred->ccache_obtained = CRED_UNINITIALISED;
+ cred->client_gss_creds = NULL;
+ cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+
ret = krb5_cc_get_principal(
old_ccc->smb_krb5_context->krb5_context,
old_ccc->ccache,
@@ -1077,7 +1084,6 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
/*
* This is an empty ccache. No point in copying anything.
*/
- cred->ccache = NULL;
return 0;
}
krb5_free_principal(old_ccc->smb_krb5_context->krb5_context, princ);
@@ -1110,8 +1116,7 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
}
cred->ccache = ccc;
- cred->client_gss_creds = NULL;
- cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+ cred->ccache_obtained = old_obtained;
return ret;
}
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 1dd63acc838..33ee4f301ed 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -27,7 +27,6 @@
#include "auth/kerberos/krb5_init_context.h"
#include "librpc/gen_ndr/krb5pac.h"
#include "lib/krb5_wrap/krb5_samba.h"
-#include "lib/krb5_wrap/gss_samba.h"
struct auth_user_info_dc;
struct cli_credentials;
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 639718cb6a6..616eebc968e 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -22,7 +22,6 @@
#include "includes.h"
#include "system/kerberos.h"
-#include "system/gssapi.h"
#include <tevent.h>
#include "auth/kerberos/kerberos.h"
#include "lib/socket/socket.h"
--
Samba Shared Repository
More information about the samba-cvs
mailing list