The branch, master has been updated
via 1ae9044... s4:gensec Use a different form of 'name' in GSSAPI
import_name()
via 6be72df... Simple fix to prevent crash for non-pac principals
via 8c61477... s4:kerberos Give a better error message than "Could not
allocate memory"
from 8219c4f... s4:kcc_periodic.c - fix counter types
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1ae9044b8e2347a0c8c948a65a22fae6ec1ef385
Author: Andrew Bartlett <[email protected]>
Date: Tue Apr 20 15:00:50 2010 +1000
s4:gensec Use a different form of 'name' in GSSAPI import_name()
The idea here is to make it not dependent on the system's default
realm.
Andrew Bartlett
commit 6be72df7362c27c973a63a960d0b87eefa22db15
Author: Marcel Ritter <[email protected]>
Date: Thu Apr 22 14:29:52 2010 +0200
Simple fix to prevent crash for non-pac principals
Signed-off-by: Andrew Bartlett <[email protected]>
commit 8c6147715371e88c425ff8530f9bd7f44cd4cafb
Author: Andrew Bartlett <[email protected]>
Date: Tue Apr 27 13:57:39 2010 +1000
s4:kerberos Give a better error message than "Could not allocate memory"
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
source4/auth/credentials/credentials_krb5.c | 6 +++---
source4/auth/gensec/gensec_gssapi.c | 6 +++---
source4/kdc/pac-glue.c | 5 +++++
3 files changed, 11 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/credentials/credentials_krb5.c
b/source4/auth/credentials/credentials_krb5.c
index 1e0db3c..d760730 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -423,7 +423,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = error_message(ENOMEM);
+ (*error_string) = talloc_asprintf(cred, "gss_krb5_import_cred
failed: %s", error_message(ret));
return ret;
}
@@ -455,7 +455,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = error_message(ENOMEM);
+ (*error_string) = talloc_asprintf(cred,
"gss_krb5_set_allowable_enctypes failed: %s", error_message(ret));
return ret;
}
}
@@ -471,7 +471,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
} else {
ret = EINVAL;
}
- (*error_string) = error_message(ENOMEM);
+ (*error_string) = talloc_asprintf(cred, "gss_set_cred_option
failed: %s", error_message(ret));
return ret;
}
diff --git a/source4/auth/gensec/gensec_gssapi.c
b/source4/auth/gensec/gensec_gssapi.c
index fe9aaa3..9e974cb 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -347,11 +347,11 @@ static NTSTATUS gensec_gssapi_client_start(struct
gensec_security *gensec_securi
if (principal &&
lp_client_use_spnego_principal(gensec_security->settings->lp_ctx)) {
name_type = GSS_C_NULL_OID;
} else {
- principal = talloc_asprintf(gensec_gssapi_state, "%...@%s",
+ principal = talloc_asprintf(gensec_gssapi_state, "%s/%...@%s",
gensec_get_target_service(gensec_security),
- hostname);
+ hostname,
lp_realm(gensec_security->settings->lp_ctx));
- name_type = GSS_C_NT_HOSTBASED_SERVICE;
+ name_type = GSS_C_NT_USER_NAME;
}
name_token.value = discard_const_p(uint8_t, principal);
name_token.length = strlen(principal);
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 97f7416..2a932fa 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -79,6 +79,11 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
krb5_data pac_data;
krb5_error_code ret;
+ /* The user account may be set not to want the PAC */
+ if (!pac_blob) {
+ return 0;
+ }
+
ret = krb5_data_copy(&pac_data, pac_blob->data, pac_blob->length);
if (ret != 0) {
return ret;
--
Samba Shared Repository
