From 66668deb267d63f17c70aaea6f720a7c440bb71c Mon Sep 17 00:00:00 2001 |
From: Stefan Metzmacher <metze@samba.org> |
Date: Mon, 10 Oct 2016 15:53:26 +0200 |
Subject: [PATCH 1/3] HEIMDAL:lib/krb5: destroy a memory ccache on reinit |
MIME-Version: 1.0 |
Content-Type: text/plain; charset=UTF-8 |
Content-Transfer-Encoding: 8bit |
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 |
|
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
Reviewed-by: Günther Deschner <gd@samba.org> |
Reviewed-by: Uri Simchoni <uri@samba.org> |
(cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113) |
--- |
source4/heimdal/lib/krb5/mcache.c | 52 ++++++++++++++++++++++++++------------- |
1 file changed, 35 insertions(+), 17 deletions(-) |
|
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c |
index e4b90c1..dc79b87 100644 |
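--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
 return 0;
 }
 
+static void KRB5_CALLCONV
+mcc_destroy_internal(krb5_context context,
+ krb5_mcache *m)
+{
+ struct link *l;
+
+ if (m->primary_principal != NULL) {
+ krb5_free_principal (context, m->primary_principal);
+ m->primary_principal = NULL;
+ }
+ m->dead = 1;
+
+ l = m->creds;
+ while (l != NULL) {
+ struct link *old;
+
+ krb5_free_cred_contents (context, &l->cred);
+ old = l;
+ l = l->next;
+ free (old);
+ }
+
+ m->creds = NULL;
+ return;
+}
+
 static krb5_error_code KRB5_CALLCONV
 mcc_initialize(krb5_context context,
 krb5_ccache id,
 krb5_principal primary_principal)
 {
 krb5_mcache *m = MCACHE(id);
+ /*
+ * It's important to destroy any existing
+ * creds here, that matches the baheviour
+ * of all other backends and also the
+ * MEMORY: backend in MIT.
+ */
+ mcc_destroy_internal(context, m);
 m->dead = 0;
+ m->kdc_offset = 0;
 m->mtime = time(NULL);
 return krb5_copy_principal (context,
 primary_principal,
@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context,
 krb5_ccache id)
 {
 krb5_mcache **n, *m = MCACHE(id);
- struct link *l;
 
 if (m->refcnt == 0)
 krb5_abortx(context, "mcc_destroy: refcnt already 0");
@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context,
 }
 }
 HEIMDAL_MUTEX_unlock(&mcc_mutex);
- if (m->primary_principal != NULL) {
- krb5_free_principal (context, m->primary_principal);
- m->primary_principal = NULL;
- }
- m->dead = 1;
-
- l = m->creds;
- while (l != NULL) {
- struct link *old;
-
- krb5_free_cred_contents (context, &l->cred);
- old = l;
- l = l->next;
- free (old);
- }
- m->creds = NULL;
+ mcc_destroy_internal(context, m);
 }
 return 0;
 }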
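Review bot: mcc_initialize() now frees the whole `m->creds` list through mcc_destroy_internal() with no refcnt check and no lock visible in the first hunk, while the old teardown in mcc_destroy() appears to sit inside the block that follows the refcnt handling (part of that function lies outside the hunks). If another handle or an open cursor still refers to the same MEMORY: cache — the cursor code is not in this patch, so this is inferred — a re-initialize would leave it pointing at freed links, and a concurrent reader could also see the transient `m->dead = 1`. I would state the requirement on the helper, e.g. `/* Caller must ensure no other handle or cursor is walking m->creds; the list is freed here. */`, or serialize the teardown with a per-cache lock. Minor: the trailing `return;` in the void helper is redundant, `KRB5_CALLCONV` is not needed on a static internal function, and the new comment spells `baheviour` for `behaviour`.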
-- |
1.9.1 |
|
|
From 5484f6cb0d812d11234347f592dff1a15ef5ef50 Mon Sep 17 00:00:00 2001 |
From: Stefan Metzmacher <metze@samba.org> |
Date: Mon, 10 Oct 2016 17:07:12 +0200 |
Subject: [PATCH 2/3] s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor |
set "KRB5CCNAME" |
MIME-Version: 1.0 |
Content-Type: text/plain; charset=UTF-8 |
Content-Transfer-Encoding: 8bit |
|
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. |
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 |
|
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
Reviewed-by: Günther Deschner <gd@samba.org> |
Reviewed-by: Uri Simchoni <uri@samba.org> |
(cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd) |
--- |
source3/libads/sasl.c | 5 ----- |
1 file changed, 5 deletions(-) |
|
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c |
index 85a2eb0..4e4486f 100644 |
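--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -1027,7 +1027,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 {
 ADS_STATUS status;
 struct ads_service_principal p;
- const char *ccache_name = "MEMORY:ads_sasl_gssapi_do_bind";
 
 status = ads_generate_service_principal(ads, &p);
 if (!ADS_ERR_OK(status)) {
@@ -1046,10 +1045,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 "calling kinit\n", ads_errstr(status)));
 }
 
- if (ads->auth.ccache_name != NULL) {
- ccache_name = ads->auth.ccache_name;
- }
- setenv(KRB5_ENV_CCNAME, ccache_name, 1);
 status = ADS_ERROR_KRB5(ads_kinit_password(ads));
 
 if (ADS_ERR_OK(status)) {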
-- |
1.9.1 |
|
|
From 012e763219f42071ced497fcc0ecd387789efd4f Mon Sep 17 00:00:00 2001 |
From: Stefan Metzmacher <metze@samba.org> |
Date: Mon, 10 Oct 2016 17:07:12 +0200 |
Subject: [PATCH 3/3] s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set |
"KRB5CCNAME" |
MIME-Version: 1.0 |
Content-Type: text/plain; charset=UTF-8 |
Content-Transfer-Encoding: 8bit |
|
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. |
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 |
|
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
Reviewed-by: Günther Deschner <gd@samba.org> |
Reviewed-by: Uri Simchoni <uri@samba.org> |
|
Autobuild-User(master): Jeremy Allison <jra@samba.org> |
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144 |
|
(cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca) |
--- |
source3/libads/sasl.c | 6 ------ |
1 file changed, 6 deletions(-) |
|
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c |
index 4e4486f..39c60c3 100644 |
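--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -749,11 +749,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
 got_kerberos_mechanism)
 {
- const char *ccache_name = "MEMORY:ads_sasl_spnego_bind";
- if (ads->auth.ccache_name != NULL) {
- ccache_name = ads->auth.ccache_name;
- }
-
 if (ads->auth.password == NULL ||
 ads->auth.password[0] == '\0')
 {
@@ -771,7 +766,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 "calling kinit\n", ads_errstr(status)));
 }
 
- setenv(KRB5_ENV_CCNAME, ccache_name, 1);
 status = ADS_ERROR_KRB5(ads_kinit_password(ads));
 
 if (ADS_ERR_OK(status)) {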
-- |
1.9.1 |
|