[PATCH v3] fixes account locked when using winbind refresh tickets

Andreas Schneider asn at samba.org
Mon Jan 15 15:29:33 UTC 2018


On Monday, 15 January 2018 16:11:14 CET Ralph Böhme via samba-technical wrote:
> Hi David,
> 
> On Mon, Jan 15, 2018 at 07:52:40AM -0700, David Mulder wrote:
> > Touch ups recommended by Andreas (null initialize, helper variables, etc).
> 
> thanks, much better! :)
> 
> Can you please also simplify a few if conditions and use early exits, eg you
> have
> 
> +       at_ptr = strchr(entry->principal_name, '@');
> +       if (at_ptr != NULL) {
> +               int strlen = at_ptr - entry->principal_name;
> +               sam = talloc_strndup(ctx, entry->principal_name, strlen);
> +       } else {
> +               DBG_DEBUG("Could not determine samAccountName from %s\n",
> +                         entry->principal_name);
> +               goto fail;
> +       }
> 
> Simpler:
> 
> +       int strlen;
>         ...
> +       at_ptr = strchr(entry->principal_name, '@');
> +       if (at_ptr == NULL) {
> +               DBG_DEBUG("Could not determine samAccountName from %s\n",
> +                         entry->principal_name);
> +               goto fail;
> +       }
> +
> +       strlen = at_ptr - entry->principal_name;
> +       sam = talloc_strndup(ctx, entry->principal_name, strlen);
> 
> Similar for the hunk that adds ads_do_search_all().
> 
> I guess is too much asking for a refactoring of
> krb5_ticket_refresh_handler() as part of the fix? This function is pure
> horror.

And I've spotted something else:

+static uint64_t fetch_last_password_change(struct WINBINDD_CCACHE_ENTRY 
*entry)
+{
+	TALLOC_CTX *ctx = talloc_new(entry);

Please use:

	TALLOC_CTX *frame = talloc_stackframe();

This is cheaper than talloc_new().


	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org





More information about the samba-technical mailing list