[PATCH v2] fixes account locked when using winbind refresh tickets
Andreas Schneider
asn at samba.org
Fri Jan 12 21:49:40 UTC 2018
On Friday, 12 January 2018 22:08:19 CET David Mulder via samba-technical
wrote:
> Fixes since version 1:
> - Fixed README.Coding issues ("Make use of helper variables")
> - Use talloc_strndup instead of strncpy()
> - Fix white space in confusing pointer arithmetic.
> - Use ads_idmap_cached_connection() to setup ADS_STRUCT
> - Prefer the newer DBG_NOTICE over DEBUG(10)
> - Add log messages that indicate when a kinit is skipped for a
> particular user
> - Use strtoull() instead of atoll().
> - Put checks within the krb5_ticket_refresh_handler() rekinit goto
> block, otherwise the new checks can be jumped over.
>
> source3/libads/ads_ldap_protos.h | 2 +
> source3/libads/ldap.c | 27 ++++++++
> source3/winbindd/winbindd.h | 1 +
> source3/winbindd/winbindd_cred_cache.c | 119
> ++++++++++++++++++++++++++++-----
> source3/winbindd/winbindd_pam.c | 6 +-
> source3/winbindd/winbindd_proto.h | 3 +-
> 6 files changed, 138 insertions(+), 20 deletions(-)
Please initialise *all* pointers with NULL.
In ads_pull_uint64()
char **values = NULL;
if (values != NULL)
..
if (values[0] != NULL)
in fetch_last_password_change()
bool ok;
ok = ads_pull_uint64(..);
if (!ok)
in the other functions
uint64_t last_pw_chg;
last_pwd_chg = fetch_last_password_change();
if (last_pw_chg != 0)
..
and also for the next fetch_last_password_change call use a helper variable.
Andreas
More information about the samba-technical
mailing list