[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Wed Nov 3 08:36:01 UTC 2021 

The branch, master has been updated
       via  a8a0667263d s3:librpc: Improve calling of krb5_kt_end_seq_get()
      from  5199eb14123 gp: Apply Firewalld Policy

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a8a0667263dc635d67da3ca3f48b46f71ca12289
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Thu Oct 21 15:01:48 2021 +0200

    s3:librpc: Improve calling of krb5_kt_end_seq_get()
    
    Remove indentation with early return, best reviewed with
    git show -b
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Wed Nov  3 08:36:00 UTC 2021 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/librpc/crypto/gse_krb5.c | 110 +++++++++++++++++++++------------------
 1 file changed, 59 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 804247e784d..83741c914a3 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -37,9 +37,8 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
 	ZERO_STRUCT(kt_entry);
 
 	ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
-	if (ret == KRB5_KT_END || ret == ENOENT ) {
-		/* no entries */
-		return 0;
+	if (ret != 0) {
+		return ret;
 	}
 
 	ret = krb5_kt_next_entry(krbctx, keytab, &kt_entry, &kt_cursor);
@@ -48,7 +47,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
 		/* we need to close and reopen enumeration because we modify
 		 * the keytab */
 		ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
-		if (ret) {
+		if (ret != 0) {
 			DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
 				  "failed (%s)\n", error_message(ret)));
 			goto out;
@@ -56,7 +55,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
 
 		/* remove the entry */
 		ret = krb5_kt_remove_entry(krbctx, keytab, &kt_entry);
-		if (ret) {
+		if (ret != 0) {
 			DEBUG(1, (__location__ ": krb5_kt_remove_entry() "
 				  "failed (%s)\n", error_message(ret)));
 			goto out;
@@ -66,7 +65,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
 
 		/* now reopen */
 		ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
-		if (ret) {
+		if (ret != 0) {
 			DEBUG(1, (__location__ ": krb5_kt_start_seq() failed "
 				  "(%s)\n", error_message(ret)));
 			goto out;
@@ -81,6 +80,12 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
 			  error_message(ret)));
 	}
 
+	ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
+	if (ret != 0) {
+		DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
+			  "failed (%s)\n", error_message(ret)));
+		goto out;
+	}
 	ret = 0;
 
 out:
@@ -156,7 +161,7 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
 						    krb5_keytab *keytab)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
-	krb5_error_code ret;
+	krb5_error_code ret, ret2;
 	const char *domain = lp_workgroup();
 	struct secrets_domain_info1 *info = NULL;
 	const char *realm = NULL;
@@ -198,55 +203,61 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
 
 	/* check if the keytab already has any entry */
 	ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor);
-	if (ret != KRB5_KT_END && ret != ENOENT ) {
-		/* check if we have our special enctype used to hold
-		 * the clear text password. If so, check it out so that
-		 * we can verify if the keytab needs to be upgraded */
-		while ((ret = krb5_kt_next_entry(krbctx, *keytab,
-					   &kt_entry, &kt_cursor)) == 0) {
-			if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) ==
-			    CLEARTEXT_PRIV_ENCTYPE) {
-				break;
-			}
-			smb_krb5_kt_free_entry(krbctx, &kt_entry);
-			ZERO_STRUCT(kt_entry);
-		}
+	if (ret != 0) {
+		goto out;
+	}
 
-		if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) {
-			/* Error parsing keytab */
-			DEBUG(1, (__location__ ": Failed to parse memory "
-				  "keytab!\n"));
-			goto out;
+	/* check if we have our special enctype used to hold
+	 * the clear text password. If so, check it out so that
+	 * we can verify if the keytab needs to be upgraded */
+	while ((ret = krb5_kt_next_entry(krbctx, *keytab,
+				   &kt_entry, &kt_cursor)) == 0) {
+		if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) ==
+		    CLEARTEXT_PRIV_ENCTYPE) {
+			break;
 		}
+		smb_krb5_kt_free_entry(krbctx, &kt_entry);
+		ZERO_STRUCT(kt_entry);
+	}
 
-		if (ret == 0) {
-			/* found private entry,
-			 * check if keytab is up to date */
+	ret2 = krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+	if (ret2 != 0) {
+		ret = ret2;
+		DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
+			  "failed (%s)\n", error_message(ret)));
+		goto out;
+	}
 
-			if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
-			    (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
-						ct->data, ct->length) == 0)) {
-				/* keytab is already up to date, return */
-				smb_krb5_kt_free_entry(krbctx, &kt_entry);
-				goto out;
-			}
+	if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) {
+		/* Error parsing keytab */
+		DEBUG(1, (__location__ ": Failed to parse memory "
+			  "keytab!\n"));
+		goto out;
+	}
+
+	if (ret == 0) {
+		/* found private entry,
+		 * check if keytab is up to date */
 
+		if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
+		    (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
+					ct->data, ct->length) == 0)) {
+			/* keytab is already up to date, return */
 			smb_krb5_kt_free_entry(krbctx, &kt_entry);
-			ZERO_STRUCT(kt_entry);
+			goto out;
+		}
 
+		smb_krb5_kt_free_entry(krbctx, &kt_entry);
+		ZERO_STRUCT(kt_entry);
 
-			/* flush keytab, we need to regen it */
-			ret = flush_keytab(krbctx, *keytab);
-			if (ret) {
-				DEBUG(1, (__location__ ": Failed to flush "
-					  "memory keytab!\n"));
-				goto out;
-			}
-		}
-	}
 
-	if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) {
-		krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+		/* flush keytab, we need to regen it */
+		ret = flush_keytab(krbctx, *keytab);
+		if (ret) {
+			DEBUG(1, (__location__ ": Failed to flush "
+				  "memory keytab!\n"));
+			goto out;
+		}
 	}
 
 	/* keytab is not up to date, fill it up */
@@ -321,9 +332,6 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
 	ret = 0;
 
 out:
-	if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) {
-		krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
-	}
 
 	if (princ) {
 		krb5_free_principal(krbctx, princ);
@@ -533,7 +541,7 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx
 	krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
 
 out:
-	
+
 	krb5_kt_close(krbctx, keytab);
 
 	return ret;


-- 
Samba Shared Repository

More information about the samba-cvs mailing list