[PATCH] Some for credentials_krb5.c
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Nov 22 10:01:03 UTC 2018
Hi, Andrew!
Attached find some patches for credentials_krb5.c. In particular
[PATCH 3/8] credentials: Fix set_ccache with empty creds cache
is the one that triggered this. I did not understand the real meaning
of commit bb2f7e3aee7e9b8 and decided to propose something that makes
it clearer to me.
It survived gitlab:
https://gitlab.com/samba-team/devel/samba/pipelines/37456362
What do you think?
Thanks, Volker
--
Besuchen Sie die verinice.XP 2019 in Berlin!
Anwenderkonferenz für Informationssicherheit
26.-28. Februar 2019 - im Hotel Radisson Blu
Info & Anmeldung hier: http://veriniceXP.org
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From df88836e94200c51289e7f1ad5f4d3c3b6fcb1cc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 21 Nov 2018 17:36:35 +0100
Subject: [PATCH 1/8] credentials: Only do shallow copies of valid ccaches
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/credentials/credentials_krb5.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index d36797bf0f3..3f142f789d4 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -896,12 +896,26 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred)
const struct ccache_container *old_ccc = NULL;
struct ccache_container *ccc = NULL;
char *ccache_name = NULL;
+ krb5_principal princ;
old_ccc = cred->ccache;
if (old_ccc == NULL) {
return 0;
}
+ ret = krb5_cc_get_principal(
+ old_ccc->smb_krb5_context->krb5_context,
+ old_ccc->ccache,
+ &princ);
+ if (ret != 0) {
+ /*
+ * This is an empty ccache. No point in copying anything.
+ */
+ cred->ccache = NULL;
+ return 0;
+ }
+ krb5_free_principal(old_ccc->smb_krb5_context->krb5_context, princ);
+
ccc = talloc(cred, struct ccache_container);
if (ccc == NULL) {
return ENOMEM;
--
2.11.0
From 131dcd9e449472df7fa2a85fac7f6a6de7f3c5fb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 21 Nov 2018 15:24:24 +0100
Subject: [PATCH 2/8] credentials: Fix an error path memleak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/credentials/credentials_krb5.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 3f142f789d4..a683caf98ef 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -351,6 +351,7 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
if (ret) {
(*error_string) = error_message(ret);
+ TALLOC_FREE(ccc);
return ret;
}
--
2.11.0
From 6d5901f344a66ae0270d9ff882cb32d7414cb998 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 21 Nov 2018 15:28:42 +0100
Subject: [PATCH 3/8] credentials: Fix set_ccache with empty creds cache
This is an extension of bb2f7e3aee7e9b8: Without this fix in the
"empty ccache" case we never set cred->ccache, so the whole call to
cli_credentials_set_ccache became pointless
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/credentials/credentials_krb5.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index a683caf98ef..6087da8d51f 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -354,14 +354,15 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
TALLOC_FREE(ccc);
return ret;
}
+ }
+
+ cred->ccache = ccc;
+ cred->ccache_obtained = obtained;
+ talloc_steal(cred, ccc);
- cred->ccache = ccc;
- cred->ccache_obtained = obtained;
- talloc_steal(cred, ccc);
+ cli_credentials_invalidate_client_gss_creds(
+ cred, cred->ccache_obtained);
- cli_credentials_invalidate_client_gss_creds(cred, cred->ccache_obtained);
- return 0;
- }
return 0;
}
--
2.11.0
From af8fcc84637096c1386e64f06a7b375fd02aa7ac Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 21 Nov 2018 15:30:29 +0100
Subject: [PATCH 4/8] credentials: Remove an unnecessary talloc_steal()
ccc was already allocated off cred, this talloc_steal was a no-op.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/credentials/credentials_krb5.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 6087da8d51f..e64773d6d56 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -358,7 +358,6 @@ _PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred,
cred->ccache = ccc;
cred->ccache_obtained = obtained;
- talloc_steal(cred, ccc);
cli_credentials_invalidate_client_gss_creds(
cred, cred->ccache_obtained);
--
2.11.0
From 5e5a3fdd2759824f651710b54ef8258700110b38 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 20 Nov 2018 17:45:11 +0100
Subject: [PATCH 5/8] krb5_wrap: Add a talloc_ctx to
smb_krb5_principal_get_realm()
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/credentials/credentials_krb5.c | 6 ++--
lib/krb5_wrap/krb5_samba.c | 19 +++++++------
lib/krb5_wrap/krb5_samba.h | 3 +-
source3/libads/krb5_setpw.c | 6 ++--
source4/dsdb/samdb/cracknames.c | 13 ++++-----
source4/kdc/db-glue.c | 55 +++++++++++++------------------------
source4/kdc/kpasswd-service-mit.c | 9 +++---
source4/kdc/mit_samba.c | 6 ++--
8 files changed, 50 insertions(+), 67 deletions(-)
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index e64773d6d56..d8ca6d97115 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -270,14 +270,14 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
return ENOMEM;
}
- realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
- princ);
+ realm = smb_krb5_principal_get_realm(
+ cred, ccache->smb_krb5_context->krb5_context, princ);
krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
if (realm == NULL) {
return ENOMEM;
}
ok = cli_credentials_set_realm(cred, realm, obtained);
- SAFE_FREE(realm);
+ TALLOC_FREE(realm);
if (!ok) {
return ENOMEM;
}
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index a6ff97640ca..e8abfac1d8d 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2780,24 +2780,25 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
/**
* @brief Get realm of a principal
*
+ * @param[in] mem_ctx The talloc ctx to put the result on
+ *
* @param[in] context The library context
*
* @param[in] principal The principal to get the realm from.
*
- * @return An allocated string with the realm or NULL if an error occurred.
- *
- * The caller must free the realm string with free() if not needed anymore.
+ * @return A talloced string with the realm or NULL if an error occurred.
*/
-char *smb_krb5_principal_get_realm(krb5_context context,
+char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
+ krb5_context context,
krb5_const_principal principal)
{
#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
- return strdup(discard_const_p(char, krb5_principal_get_realm(context, principal)));
+ return talloc_strdup(mem_ctx,
+ krb5_principal_get_realm(context, principal));
#elif defined(krb5_princ_realm) /* MIT */
- krb5_data *realm;
- realm = discard_const_p(krb5_data,
- krb5_princ_realm(context, principal));
- return strndup(realm->data, realm->length);
+ const krb5_data *realm;
+ realm = krb5_princ_realm(context, principal);
+ return talloc_strndup(mem_ctx, realm->data, realm->length);
#else
#error UNKNOWN_GET_PRINC_REALM_FUNCTIONS
#endif
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 8305c1f77af..8ae9a5eb2a3 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -301,7 +301,8 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
uint32_t *sig_type,
DATA_BLOB *sig_blob);
-char *smb_krb5_principal_get_realm(krb5_context context,
+char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
+ krb5_context context,
krb5_const_principal principal);
void smb_krb5_principal_set_type(krb5_context context,
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 8f9098853b9..c47f42f4280 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -217,19 +217,19 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
}
krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
- realm = smb_krb5_principal_get_realm(context, princ);
+ realm = smb_krb5_principal_get_realm(NULL, context, princ);
/* We have to obtain an INITIAL changepw ticket for changing password */
if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
krb5_get_init_creds_opt_free(context, opts);
smb_krb5_free_addresses(context, addr);
krb5_free_context(context);
- free(realm);
+ TALLOC_FREE(realm);
DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
}
- free(realm);
+ TALLOC_FREE(realm);
password = SMB_STRDUP(oldpw);
ret = krb5_get_init_creds_password(context, &creds, princ, password,
kerb_prompter, NULL,
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 1f8cad75579..3360d9a48a5 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -57,7 +57,6 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
krb5_error_code ret;
krb5_principal principal;
/* perhaps it's a principal with a realm, so return the right 'domain only' response */
- char *realm;
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name,
KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, &principal);
if (ret) {
@@ -65,11 +64,9 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, struct smb_krb5_con
return WERR_OK;
}
- realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
-
- info1->dns_domain_name = talloc_strdup(mem_ctx, realm);
+ info1->dns_domain_name = smb_krb5_principal_get_realm(
+ mem_ctx, smb_krb5_context->krb5_context, principal);
krb5_free_principal(smb_krb5_context->krb5_context, principal);
- free(realm);
W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
@@ -290,8 +287,8 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
return WERR_OK;
}
- realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context,
- principal);
+ realm = smb_krb5_principal_get_realm(
+ mem_ctx, smb_krb5_context->krb5_context, principal);
ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
samdb_partitions_dn(sam_ctx, mem_ctx),
@@ -302,7 +299,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
ldb_binary_encode_string(mem_ctx, realm),
LDB_OID_COMPARATOR_AND,
SYSTEM_FLAG_CR_NTDS_DOMAIN);
- free(realm);
+ TALLOC_FREE(realm);
if (ldb_ret != LDB_SUCCESS) {
DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", ldb_errstring(sam_ctx)));
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index acd24ec0c83..9d27e9743b9 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1030,7 +1030,8 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
entry_ex->entry.flags.invalid = 0;
entry_ex->entry.flags.server = 1;
- realm = smb_krb5_principal_get_realm(context, principal);
+ realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, principal);
if (realm == NULL) {
ret = ENOMEM;
goto out;
@@ -1048,7 +1049,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
entry_ex->entry.flags.change_pw = 1;
}
- SAFE_FREE(realm);
+ TALLOC_FREE(realm);
entry_ex->entry.flags.client = 0;
entry_ex->entry.flags.forwardable = 1;
@@ -1655,8 +1656,8 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
}
num_comp = krb5_princ_size(context, fallback_principal);
- fallback_realm = smb_krb5_principal_get_realm(context,
- fallback_principal);
+ fallback_realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, fallback_principal);
if (fallback_realm == NULL) {
krb5_free_principal(context, fallback_principal);
return ENOMEM;
@@ -1669,7 +1670,7 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
context, fallback_principal, 0);
if (fallback_account == NULL) {
krb5_free_principal(context, fallback_principal);
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
return ENOMEM;
}
@@ -1687,7 +1688,7 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
with_dollar = talloc_asprintf(mem_ctx, "%s$",
fallback_account);
if (with_dollar == NULL) {
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
return ENOMEM;
}
TALLOC_FREE(fallback_account);
@@ -1698,11 +1699,11 @@ static krb5_error_code samba_kdc_lookup_client(krb5_context context,
with_dollar, NULL);
TALLOC_FREE(with_dollar);
if (ret != 0) {
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
return ret;
}
}
- SAFE_FREE(fallback_realm);
+ TALLOC_FREE(fallback_realm);
if (fallback_principal != NULL) {
char *fallback_string = NULL;
@@ -1774,17 +1775,13 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
krb5_error_code ret;
struct ldb_message *msg = NULL;
struct ldb_dn *realm_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
- char *realm_from_princ, *realm_from_princ_malloc;
+ char *realm_from_princ;
char *realm_princ_comp = smb_krb5_principal_get_comp_string(mem_ctx, context, principal, 1);
- realm_from_princ_malloc = smb_krb5_principal_get_realm(context, principal);
- if (realm_from_princ_malloc == NULL) {
- /* can't happen */
- return SDB_ERR_NOENTRY;
- }
- realm_from_princ = talloc_strdup(mem_ctx, realm_from_princ_malloc);
- free(realm_from_princ_malloc);
+ realm_from_princ = smb_krb5_principal_get_realm(
+ mem_ctx, context, principal);
if (realm_from_princ == NULL) {
+ /* can't happen */
return SDB_ERR_NOENTRY;
}
@@ -2118,7 +2115,6 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
krb5_error_code ret;
- char *_realm = NULL;
bool check_realm = false;
const char *realm = NULL;
struct dsdb_trust_routing_table *trt = NULL;
@@ -2145,8 +2141,8 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
return 0;
}
- _realm = smb_krb5_principal_get_realm(context, principal);
- if (_realm == NULL) {
+ realm = smb_krb5_principal_get_realm(frame, context, principal);
+ if (realm == NULL) {
TALLOC_FREE(frame);
return ENOMEM;
}
@@ -2154,23 +2150,15 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
/*
* The requested realm needs to be our own
*/
- ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, _realm);
+ ok = lpcfg_is_my_domain_or_realm(kdc_db_ctx->lp_ctx, realm);
if (!ok) {
/*
* The request is not for us...
*/
- SAFE_FREE(_realm);
TALLOC_FREE(frame);
return SDB_ERR_NOENTRY;
}
- realm = talloc_strdup(frame, _realm);
- SAFE_FREE(_realm);
- if (realm == NULL) {
- TALLOC_FREE(frame);
- return ENOMEM;
- }
-
if (smb_krb5_principal_get_type(context, principal) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
char *principal_string = NULL;
krb5_principal enterprise_principal = NULL;
@@ -2196,16 +2184,11 @@ static krb5_error_code samba_kdc_lookup_realm(krb5_context context,
return ret;
}
- enterprise_realm = smb_krb5_principal_get_realm(context,
- enterprise_principal);
+ enterprise_realm = smb_krb5_principal_get_realm(
+ frame, context, enterprise_principal);
krb5_free_principal(context, enterprise_principal);
if (enterprise_realm != NULL) {
- realm = talloc_strdup(frame, enterprise_realm);
- SAFE_FREE(enterprise_realm);
- if (realm == NULL) {
- TALLOC_FREE(frame);
- return ENOMEM;
- }
+ realm = enterprise_realm;
}
}
diff --git a/source4/kdc/kpasswd-service-mit.c b/source4/kdc/kpasswd-service-mit.c
index 1546b16b369..9a014c058fe 100644
--- a/source4/kdc/kpasswd-service-mit.c
+++ b/source4/kdc/kpasswd-service-mit.c
@@ -143,7 +143,8 @@ static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
return KRB5_KPASSWD_HARDERROR;
}
- target_realm = smb_krb5_principal_get_realm(context, target_principal);
+ target_realm = smb_krb5_principal_get_realm(
+ mem_ctx, context, target_principal);
code = krb5_unparse_name_flags(context,
target_principal,
KRB5_PRINCIPAL_UNPARSE_NO_REALM,
@@ -157,7 +158,7 @@ static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
if ((target_name != NULL && target_realm == NULL) ||
(target_name == NULL && target_realm != NULL)) {
krb5_free_principal(context, target_principal);
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
SAFE_FREE(target_name);
ok = kpasswd_make_error_reply(mem_ctx,
@@ -174,11 +175,11 @@ static krb5_error_code kpasswd_set_password(struct kdc_server *kdc,
}
if (target_name != NULL && target_realm != NULL) {
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
SAFE_FREE(target_name);
} else {
krb5_free_principal(context, target_principal);
- SAFE_FREE(target_realm);
+ TALLOC_FREE(target_realm);
SAFE_FREE(target_name);
return kpasswd_change_password(kdc,
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 414e67c6a98..13e0e044e50 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -272,8 +272,8 @@ fetch_referral_principal:
* We just redo the lookup in the database with the referral
* principal and return success.
*/
- dest_realm = smb_krb5_principal_get_realm(ctx->context,
- sentry.entry.principal);
+ dest_realm = smb_krb5_principal_get_realm(
+ ctx, ctx->context, sentry.entry.principal);
sdb_free_entry(&sentry);
if (dest_realm == NULL) {
ret = KRB5_KDB_NOENTRY;
@@ -286,7 +286,7 @@ fetch_referral_principal:
KRB5_TGS_NAME,
dest_realm,
NULL);
- SAFE_FREE(dest_realm);
+ TALLOC_FREE(dest_realm);
if (ret != 0) {
goto done;
}
--
2.11.0
From 8284b8fff7136350974ad2d9c2873237d005470c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 20 Nov 2018 13:38:05 +0100
Subject: [PATCH 6/8] lib: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/lib/util_sid.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 13d5e1ce4c4..2ed968d7285 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -75,7 +75,7 @@ char *sid_string_tos(const struct dom_sid *sid)
bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid)
{
- size_t i;
+ int8_t i;
if (len < ndr_size_dom_sid(sid, 0))
return False;
@@ -132,7 +132,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
struct dom_sid sid;
struct dom_sid *sid_array = NULL;
uint32_t num_sids = 0;
- int i;
+ uint32_t i;
if (include_user_group_rid) {
if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid)) {
--
2.11.0
From 6e1963c6cb6f29ef2733e944e8a1d11481dee6b8 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 20 Nov 2018 17:03:17 +0100
Subject: [PATCH 7/8] auth: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/auth/kerberos/kerberos_pac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index cd5a31a7408..e45a846cd88 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -48,7 +48,7 @@
DATA_BLOB tmp_blob = data_blob(NULL, 0);
struct PAC_SIGNATURE_DATA *kdc_checksum = NULL;
struct PAC_SIGNATURE_DATA *srv_checksum = NULL;
- int i;
+ uint32_t i;
/* First, just get the keytypes filled in (and lengths right, eventually) */
for (i=0; i < pac_data->num_buffers; i++) {
--
2.11.0
From f15ff36e8db9fbef995eb20345a018b4a46f011d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 21 Nov 2018 14:55:10 +0100
Subject: [PATCH 8/8] krb5_wrap: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/krb5_samba.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index e8abfac1d8d..b2425109d3a 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1956,7 +1956,7 @@ krb5_error_code smb_krb5_keyblock_init_contents(krb5_context context,
/**
* @brief Simulate a kinit by putting the tgt in the given credential cache.
*
- * This function uses a keyblock rather than needingthe original password.
+ * This function uses a keyblock rather than needing the original password.
*
* @param[in] ctx The library context
*
--
2.11.0
More information about the samba-technical
mailing list