
Annotation of /rpms/samba/sme10/samba-4.4.x-fix_libads_krb5_memcache.patch



Revision 1.1 - (hide annotations) (download)
Fri May 26 19:16:27 2017 UTC (7 years ago) by unnilennium
Branch: MAIN
CVS Tags: samba-4_4_4-12_6_el7_sme, samba-4_4_4-14_6_el7_sme
* Fri May 26 2017 Jean-Philipe Pialasse <tests@pialasse.com> 4.4.4-14.6.sme
- import to SME the two last upstream releases [SME: 10326]
- resolves: #1450784 - Security fix for CVE-2017-7494
- resolves: #1437816 - Fix krb5 memory cache in libads sasl code
- resolves: #1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619

1 unnilennium 1.1 From 66668deb267d63f17c70aaea6f720a7c440bb71c Mon Sep 17 00:00:00 2001
2     From: Stefan Metzmacher <metze@samba.org>
3     Date: Mon, 10 Oct 2016 15:53:26 +0200
4     Subject: [PATCH 1/3] HEIMDAL:lib/krb5: destroy a memory ccache on reinit
5     MIME-Version: 1.0
6     Content-Type: text/plain; charset=UTF-8
7     Content-Transfer-Encoding: 8bit
8    
9     BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
10    
11     Signed-off-by: Stefan Metzmacher <metze@samba.org>
12     Reviewed-by: Günther Deschner <gd@samba.org>
13     Reviewed-by: Uri Simchoni <uri@samba.org>
14     (cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113)
15     ---
16     source4/heimdal/lib/krb5/mcache.c | 52 ++++++++++++++++++++++++++-------------
17     1 file changed, 35 insertions(+), 17 deletions(-)
18    
19     diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c
20     index e4b90c1..dc79b87 100644
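--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
 return 0;
 }
 
+static void KRB5_CALLCONV
+mcc_destroy_internal(krb5_context context,
+ krb5_mcache *m)
+{
+ struct link *l;
+
+ if (m->primary_principal != NULL) {
+ krb5_free_principal (context, m->primary_principal);
+ m->primary_principal = NULL;
+ }
+ m->dead = 1;
+
+ l = m->creds;
+ while (l != NULL) {
+ struct link *old;
+
+ krb5_free_cred_contents (context, &l->cred);
+ old = l;
+ l = l->next;
+ free (old);
+ }
+
+ m->creds = NULL;
+ return;
+}
+
 static krb5_error_code KRB5_CALLCONV
 mcc_initialize(krb5_context context,
 krb5_ccache id,
 krb5_principal primary_principal)
 {
 krb5_mcache *m = MCACHE(id);
+ /*
+ * It's important to destroy any existing
+ * creds here, that matches the baheviour
+ * of all other backends and also the
+ * MEMORY: backend in MIT.
+ */
+ mcc_destroy_internal(context, m);
 m->dead = 0;
+ m->kdc_offset = 0;
 m->mtime = time(NULL);
 return krb5_copy_principal (context,
 primary_principal,
@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context,
 krb5_ccache id)
 {
 krb5_mcache **n, *m = MCACHE(id);
- struct link *l;
 
 if (m->refcnt == 0)
 krb5_abortx(context, "mcc_destroy: refcnt already 0");
@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context,
 }
 }
 HEIMDAL_MUTEX_unlock(&mcc_mutex);
- if (m->primary_principal != NULL) {
- krb5_free_principal (context, m->primary_principal);
- m->primary_principal = NULL;
- }
- m->dead = 1;
-
- l = m->creds;
- while (l != NULL) {
- struct link *old;
-
- krb5_free_cred_contents (context, &l->cred);
- old = l;
- l = l->next;
- free (old);
- }
- m->creds = NULL;
+ mcc_destroy_internal(context, m);
 }
 return 0;
 }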
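Review bot: mcc_destroy_internal() frees every `struct link` on `m->creds` without holding a lock, and with this change it is reached from mcc_initialize() on a cache that stays in use, not only from mcc_destroy() after `HEIMDAL_MUTEX_unlock(&mcc_mutex)`. If another handle or an open cursor can still point into the same named MEMORY: cache (the resolve and cursor paths are not visible here, so this needs confirming), a reinit would leave it referencing freed credential memory. I would state the precondition on the helper, e.g. `/* Frees m->creds unlocked: caller must ensure no cursor or other thread is using this cache. */`, or serialize the call in mcc_initialize() with whatever lock guards the cache contents. As a style point, the static helper needs neither `KRB5_CALLCONV` nor the trailing `return;`. mcc_initialize() continues past the end of the first hunk, so the failure path of krb5_copy_principal() after the old credentials are dropped could not be checked.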
103     --
104     1.9.1
105    
106    
107     From 5484f6cb0d812d11234347f592dff1a15ef5ef50 Mon Sep 17 00:00:00 2001
108     From: Stefan Metzmacher <metze@samba.org>
109     Date: Mon, 10 Oct 2016 17:07:12 +0200
110     Subject: [PATCH 2/3] s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor
111     set "KRB5CCNAME"
112     MIME-Version: 1.0
113     Content-Type: text/plain; charset=UTF-8
114     Content-Transfer-Encoding: 8bit
115    
116     Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
117    
118     BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
119    
120     Signed-off-by: Stefan Metzmacher <metze@samba.org>
121     Reviewed-by: Günther Deschner <gd@samba.org>
122     Reviewed-by: Uri Simchoni <uri@samba.org>
123     (cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd)
124     ---
125     source3/libads/sasl.c | 5 -----
126     1 file changed, 5 deletions(-)
127    
128     diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
129     index 85a2eb0..4e4486f 100644
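--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -1027,7 +1027,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 {
 ADS_STATUS status;
 struct ads_service_principal p;
- const char *ccache_name = "MEMORY:ads_sasl_gssapi_do_bind";
 
 status = ads_generate_service_principal(ads, &p);
 if (!ADS_ERR_OK(status)) {
@@ -1046,10 +1045,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 "calling kinit\n", ads_errstr(status)));
 }
 
- if (ads->auth.ccache_name != NULL) {
- ccache_name = ads->auth.ccache_name;
- }
- setenv(KRB5_ENV_CCNAME, ccache_name, 1);
 status = ADS_ERROR_KRB5(ads_kinit_password(ads));
 
 if (ADS_ERR_OK(status)) {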
151     --
152     1.9.1
153    
154    
155     From 012e763219f42071ced497fcc0ecd387789efd4f Mon Sep 17 00:00:00 2001
156     From: Stefan Metzmacher <metze@samba.org>
157     Date: Mon, 10 Oct 2016 17:07:12 +0200
158     Subject: [PATCH 3/3] s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set
159     "KRB5CCNAME"
160     MIME-Version: 1.0
161     Content-Type: text/plain; charset=UTF-8
162     Content-Transfer-Encoding: 8bit
163    
164     Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
165    
166     BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
167    
168     Signed-off-by: Stefan Metzmacher <metze@samba.org>
169     Reviewed-by: Günther Deschner <gd@samba.org>
170     Reviewed-by: Uri Simchoni <uri@samba.org>
171    
172     Autobuild-User(master): Jeremy Allison <jra@samba.org>
173     Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144
174    
175     (cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca)
176     ---
177     source3/libads/sasl.c | 6 ------
178     1 file changed, 6 deletions(-)
179    
180     diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
181     index 4e4486f..39c60c3 100644
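--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -749,11 +749,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
 got_kerberos_mechanism)
 {
- const char *ccache_name = "MEMORY:ads_sasl_spnego_bind";
- if (ads->auth.ccache_name != NULL) {
- ccache_name = ads->auth.ccache_name;
- }
-
 if (ads->auth.password == NULL ||
 ads->auth.password[0] == '\0')
 {
@@ -771,7 +766,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 "calling kinit\n", ads_errstr(status)));
 }
 
- setenv(KRB5_ENV_CCNAME, ccache_name, 1);
 status = ADS_ERROR_KRB5(ads_kinit_password(ads));
 
 if (ADS_ERR_OK(status)) {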
204     --
205     1.9.1
206    
