/[smeserver]/rpms/samba/sme10/samba-v4.6-credentials-fix-realm.patch
ViewVC logotype

Annotation of /rpms/samba/sme10/samba-v4.6-credentials-fix-realm.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue May 8 16:37:54 2018 UTC (6 years, 5 months ago) by jpp
Branch: MAIN
CVS Tags: samba-4_6_2-12_el7_4, samba--, samba-4_6_2-12_3_el7_sme, samba-4_6_2-12_4_el7_sme, samba-4_6_2-12_2_el7_sme
upgrade to samba-4.6.2-12

1 jpp 1.1 commit 4dc389c6ae95b7bd34e762b5362c8a79fbda7c7c
2     Author: Andreas Schneider <asn@samba.org>
3     Date: Wed Dec 21 22:17:22 2016 +0100
4    
5     auth/credentials: Always set the the realm if we set the principal from the ccache
6    
7     This fixes a bug in gensec_gssapi_client_start() where an invalid realm
8     is used to get a Kerberos ticket.
9    
10     Signed-off-by: Andreas Schneider <asn@samba.org>
11     Reviewed-by: Stefan Metzmacher <metze@samba.org>
12     (cherry picked from commit 30c07065300281e3a67197fe39ed928346480ff7)
13    
14     diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
15     index 0e68012..1912c48 100644
16     --- a/auth/credentials/credentials_krb5.c
17     +++ b/auth/credentials/credentials_krb5.c
18     @@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
19     enum credentials_obtained obtained,
20     const char **error_string)
21     {
22     -
23     + bool ok;
24     + char *realm;
25     krb5_principal princ;
26     krb5_error_code ret;
27     char *name;
28     @@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred,
29     return ret;
30     }
31    
32     - cli_credentials_set_principal(cred, name, obtained);
33     -
34     + ok = cli_credentials_set_principal(cred, name, obtained);
35     + if (!ok) {
36     + krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
37     + return ENOMEM;
38     + }
39     free(name);
40    
41     + realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context,
42     + princ);
43     krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ);
44     + if (realm == NULL) {
45     + return ENOMEM;
46     + }
47     + ok = cli_credentials_set_realm(cred, realm, obtained);
48     + SAFE_FREE(realm);
49     + if (!ok) {
50     + return ENOMEM;
51     + }
52    
53     /* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */
54     cred->ccache_obtained = obtained;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed