| 1 |
From 66668deb267d63f17c70aaea6f720a7c440bb71c Mon Sep 17 00:00:00 2001 |
| 2 |
From: Stefan Metzmacher <metze@samba.org> |
| 3 |
Date: Mon, 10 Oct 2016 15:53:26 +0200 |
| 4 |
Subject: [PATCH 1/3] HEIMDAL:lib/krb5: destroy a memory ccache on reinit |
| 5 |
MIME-Version: 1.0 |
| 6 |
Content-Type: text/plain; charset=UTF-8 |
| 7 |
Content-Transfer-Encoding: 8bit |
| 8 |
|
| 9 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 |
| 10 |
|
| 11 |
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
| 12 |
Reviewed-by: Günther Deschner <gd@samba.org> |
| 13 |
Reviewed-by: Uri Simchoni <uri@samba.org> |
| 14 |
(cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113) |
| 15 |
--- |
| 16 |
source4/heimdal/lib/krb5/mcache.c | 52 ++++++++++++++++++++++++++------------- |
| 17 |
1 file changed, 35 insertions(+), 17 deletions(-) |
| 18 |
|
| 19 |
diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c |
| 20 |
index e4b90c1..dc79b87 100644 |
| 21 |
--- a/source4/heimdal/lib/krb5/mcache.c |
| 22 |
+++ b/source4/heimdal/lib/krb5/mcache.c |
| 23 |
@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) |
| 24 |
return 0; |
| 25 |
} |
| 26 |
|
| 27 |
+static void KRB5_CALLCONV |
| 28 |
+mcc_destroy_internal(krb5_context context, |
| 29 |
+ krb5_mcache *m) |
| 30 |
+{ |
| 31 |
+ struct link *l; |
| 32 |
+ |
| 33 |
+ if (m->primary_principal != NULL) { |
| 34 |
+ krb5_free_principal (context, m->primary_principal); |
| 35 |
+ m->primary_principal = NULL; |
| 36 |
+ } |
| 37 |
+ m->dead = 1; |
| 38 |
+ |
| 39 |
+ l = m->creds; |
| 40 |
+ while (l != NULL) { |
| 41 |
+ struct link *old; |
| 42 |
+ |
| 43 |
+ krb5_free_cred_contents (context, &l->cred); |
| 44 |
+ old = l; |
| 45 |
+ l = l->next; |
| 46 |
+ free (old); |
| 47 |
+ } |
| 48 |
+ |
| 49 |
+ m->creds = NULL; |
| 50 |
+ return; |
| 51 |
+} |
| 52 |
+ |
| 53 |
static krb5_error_code KRB5_CALLCONV |
| 54 |
mcc_initialize(krb5_context context, |
| 55 |
krb5_ccache id, |
| 56 |
krb5_principal primary_principal) |
| 57 |
{ |
| 58 |
krb5_mcache *m = MCACHE(id); |
| 59 |
+ /* |
| 60 |
+ * It's important to destroy any existing |
| 61 |
+ * creds here, that matches the baheviour |
| 62 |
+ * of all other backends and also the |
| 63 |
+ * MEMORY: backend in MIT. |
| 64 |
+ */ |
| 65 |
+ mcc_destroy_internal(context, m); |
| 66 |
m->dead = 0; |
| 67 |
+ m->kdc_offset = 0; |
| 68 |
m->mtime = time(NULL); |
| 69 |
return krb5_copy_principal (context, |
| 70 |
primary_principal, |
| 71 |
@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context, |
| 72 |
krb5_ccache id) |
| 73 |
{ |
| 74 |
krb5_mcache **n, *m = MCACHE(id); |
| 75 |
- struct link *l; |
| 76 |
|
| 77 |
if (m->refcnt == 0) |
| 78 |
krb5_abortx(context, "mcc_destroy: refcnt already 0"); |
| 79 |
@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context, |
| 80 |
} |
| 81 |
} |
| 82 |
HEIMDAL_MUTEX_unlock(&mcc_mutex); |
| 83 |
- if (m->primary_principal != NULL) { |
| 84 |
- krb5_free_principal (context, m->primary_principal); |
| 85 |
- m->primary_principal = NULL; |
| 86 |
- } |
| 87 |
- m->dead = 1; |
| 88 |
- |
| 89 |
- l = m->creds; |
| 90 |
- while (l != NULL) { |
| 91 |
- struct link *old; |
| 92 |
- |
| 93 |
- krb5_free_cred_contents (context, &l->cred); |
| 94 |
- old = l; |
| 95 |
- l = l->next; |
| 96 |
- free (old); |
| 97 |
- } |
| 98 |
- m->creds = NULL; |
| 99 |
+ mcc_destroy_internal(context, m); |
| 100 |
} |
| 101 |
return 0; |
| 102 |
} |
| 103 |
-- |
| 104 |
1.9.1 |
| 105 |
|
| 106 |
|
| 107 |
From 5484f6cb0d812d11234347f592dff1a15ef5ef50 Mon Sep 17 00:00:00 2001 |
| 108 |
From: Stefan Metzmacher <metze@samba.org> |
| 109 |
Date: Mon, 10 Oct 2016 17:07:12 +0200 |
| 110 |
Subject: [PATCH 2/3] s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor |
| 111 |
set "KRB5CCNAME" |
| 112 |
MIME-Version: 1.0 |
| 113 |
Content-Type: text/plain; charset=UTF-8 |
| 114 |
Content-Transfer-Encoding: 8bit |
| 115 |
|
| 116 |
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. |
| 117 |
|
| 118 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 |
| 119 |
|
| 120 |
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
| 121 |
Reviewed-by: Günther Deschner <gd@samba.org> |
| 122 |
Reviewed-by: Uri Simchoni <uri@samba.org> |
| 123 |
(cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd) |
| 124 |
--- |
| 125 |
source3/libads/sasl.c | 5 ----- |
| 126 |
1 file changed, 5 deletions(-) |
| 127 |
|
| 128 |
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c |
| 129 |
index 85a2eb0..4e4486f 100644 |
| 130 |
--- a/source3/libads/sasl.c |
| 131 |
+++ b/source3/libads/sasl.c |
| 132 |
@@ -1027,7 +1027,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) |
| 133 |
{ |
| 134 |
ADS_STATUS status; |
| 135 |
struct ads_service_principal p; |
| 136 |
- const char *ccache_name = "MEMORY:ads_sasl_gssapi_do_bind"; |
| 137 |
|
| 138 |
status = ads_generate_service_principal(ads, &p); |
| 139 |
if (!ADS_ERR_OK(status)) { |
| 140 |
@@ -1046,10 +1045,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) |
| 141 |
"calling kinit\n", ads_errstr(status))); |
| 142 |
} |
| 143 |
|
| 144 |
- if (ads->auth.ccache_name != NULL) { |
| 145 |
- ccache_name = ads->auth.ccache_name; |
| 146 |
- } |
| 147 |
- setenv(KRB5_ENV_CCNAME, ccache_name, 1); |
| 148 |
status = ADS_ERROR_KRB5(ads_kinit_password(ads)); |
| 149 |
|
| 150 |
if (ADS_ERR_OK(status)) { |
| 151 |
-- |
| 152 |
1.9.1 |
| 153 |
|
| 154 |
|
| 155 |
From 012e763219f42071ced497fcc0ecd387789efd4f Mon Sep 17 00:00:00 2001 |
| 156 |
From: Stefan Metzmacher <metze@samba.org> |
| 157 |
Date: Mon, 10 Oct 2016 17:07:12 +0200 |
| 158 |
Subject: [PATCH 3/3] s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set |
| 159 |
"KRB5CCNAME" |
| 160 |
MIME-Version: 1.0 |
| 161 |
Content-Type: text/plain; charset=UTF-8 |
| 162 |
Content-Transfer-Encoding: 8bit |
| 163 |
|
| 164 |
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. |
| 165 |
|
| 166 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 |
| 167 |
|
| 168 |
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
| 169 |
Reviewed-by: Günther Deschner <gd@samba.org> |
| 170 |
Reviewed-by: Uri Simchoni <uri@samba.org> |
| 171 |
|
| 172 |
Autobuild-User(master): Jeremy Allison <jra@samba.org> |
| 173 |
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144 |
| 174 |
|
| 175 |
(cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca) |
| 176 |
--- |
| 177 |
source3/libads/sasl.c | 6 ------ |
| 178 |
1 file changed, 6 deletions(-) |
| 179 |
|
| 180 |
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c |
| 181 |
index 4e4486f..39c60c3 100644 |
| 182 |
--- a/source3/libads/sasl.c |
| 183 |
+++ b/source3/libads/sasl.c |
| 184 |
@@ -749,11 +749,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) |
| 185 |
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && |
| 186 |
got_kerberos_mechanism) |
| 187 |
{ |
| 188 |
- const char *ccache_name = "MEMORY:ads_sasl_spnego_bind"; |
| 189 |
- if (ads->auth.ccache_name != NULL) { |
| 190 |
- ccache_name = ads->auth.ccache_name; |
| 191 |
- } |
| 192 |
- |
| 193 |
if (ads->auth.password == NULL || |
| 194 |
ads->auth.password[0] == '\0') |
| 195 |
{ |
| 196 |
@@ -771,7 +766,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) |
| 197 |
"calling kinit\n", ads_errstr(status))); |
| 198 |
} |
| 199 |
|
| 200 |
- setenv(KRB5_ENV_CCNAME, ccache_name, 1); |
| 201 |
status = ADS_ERROR_KRB5(ads_kinit_password(ads)); |
| 202 |
|
| 203 |
if (ADS_ERR_OK(status)) { |
| 204 |
-- |
| 205 |
1.9.1 |
| 206 |
|
Parent Directory
| 
Revision Log
| 
Revision Graph
