The branch, master has been updated
       via  0e45b40 s4-auth: Initialize the tokens by default.
       via  abcc290 krb5_wrap: Use com_err in krb5_warnx.
       via  cef0ee2 s4-dsdb/cracknames: free realm from 
smb_krb5_principal_get_realm().
       via  d9167c3 s3-libads/krb5_setpw: free realm from 
smb_krb5_principal_get_realm().
       via  496bbd1 lib/krb5_wrap: make sure smb_krb5_principal_get_realm 
returns a malloced string.
       via  3913961 wscript: Only build gensec_krb5 with heimdal.
      from  1ad71f7 printing: reload printer shares on OpenPrinter

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0e45b4051185ba57de25c1e53cba48b9e5d50c15
Author: Andreas Schneider <[email protected]>
Date:   Fri Jul 18 12:57:20 2014 +0200

    s4-auth: Initialize the tokens by default.
    
    Found with valgrind.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Pair-Programmed-With: Guenther Deschner <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Autobuild-User(master): Günther Deschner <[email protected]>
    Autobuild-Date(master): Fri Aug  8 19:01:56 CEST 2014 on sn-devel-104

commit abcc290e9adf06145133868e608c301a3b60e796
Author: Andreas Schneider <[email protected]>
Date:   Tue May 20 14:30:16 2014 +0200

    krb5_wrap: Use com_err in krb5_warnx.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit cef0ee28ecae9b7e3126b7f3739501c4c9802ca2
Author: Günther Deschner <[email protected]>
Date:   Thu May 15 09:46:21 2014 +0200

    s4-dsdb/cracknames: free realm from smb_krb5_principal_get_realm().
    
    Guenther
    
    Signed-off-by: Günther Deschner <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit d9167c3044b9a4ebe0da3d4019eb9fa95242e3b9
Author: Günther Deschner <[email protected]>
Date:   Thu May 15 09:45:32 2014 +0200

    s3-libads/krb5_setpw: free realm from smb_krb5_principal_get_realm().
    
    Guenther
    
    Signed-off-by: Günther Deschner <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 496bbd12b3dd388221334bc02a4cff21ef23b752
Author: Günther Deschner <[email protected]>
Date:   Thu May 15 09:44:23 2014 +0200

    lib/krb5_wrap: make sure smb_krb5_principal_get_realm returns a malloced 
string.
    
    Guenther
    
    Signed-off-by: Guenther Deschner <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 391396154620ddc897bf918abde69c8aea5046c9
Author: Andreas Schneider <[email protected]>
Date:   Thu Aug 7 15:28:57 2014 +0200

    wscript: Only build gensec_krb5 with heimdal.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/krb5_wrap/krb5_samba.c          |   15 ++++++++++-----
 source3/libads/krb5_setpw.c         |    8 +++++---
 source4/auth/gensec/gensec_gssapi.c |    4 +++-
 source4/auth/gensec/wscript_build   |    2 +-
 source4/dsdb/samdb/cracknames.c     |    7 ++++---
 5 files changed, 23 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index a3743ae..39926a6 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -25,6 +25,10 @@
 #include "krb5_samba.h"
 #include "lib/util/asn1.h"
 
+#ifdef HAVE_COM_ERR_H
+#include <com_err.h>
+#endif /* HAVE_COM_ERR_H */
+
 #ifndef KRB5_AUTHDATA_WIN2K_PAC
 #define KRB5_AUTHDATA_WIN2K_PAC 128
 #endif
@@ -2297,19 +2301,21 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX 
*mem_ctx,
  * @param[in] principal                The principal
  * @return pointer to the realm
  *
+ * Caller must free if the return value is not NULL.
+ *
  */
 
 char *smb_krb5_principal_get_realm(krb5_context context,
                                   krb5_const_principal principal)
 {
 #ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
-       return discard_const_p(char, krb5_principal_get_realm(context, 
principal));
+       return strdup(discard_const_p(char, krb5_principal_get_realm(context, 
principal)));
 #elif defined(krb5_princ_realm) /* MIT */
        krb5_data *realm;
        realm = krb5_princ_realm(context, principal);
-       return discard_const_p(char, realm->data);
+       return strndup(realm->data, realm->length);
 #else
-       return NULL;
+#error UNKNOWN_GET_PRINC_REALM_FUNCTIONS
 #endif
 }
 
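Review bot: In the Heimdal branch of smb_krb5_principal_get_realm() the result of krb5_principal_get_realm() goes straight into strdup(), which is undefined if that call ever returns NULL, and both branches now also return NULL when the allocation fails. A guard such as `const char *r = krb5_principal_get_realm(context, principal);` followed by `return r != NULL ? strdup(r) : NULL;` covers the first case and drops the discard_const_p() cast, which strdup() does not need. Where the callers in this push are visible they use the result without a NULL test: the asprintf() with `"kadmin/changepw@%s"` in ads_krb5_chg_password() and `ldb_binary_encode_string(mem_ctx, realm)` in DsCrackNameUPN(). The assignments sit outside those hunks, so a check may exist there. The doc comment could also state that the string is a malloc'd copy to be released with `free()`, not a talloc child.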
@@ -2607,8 +2613,7 @@ krb5_error_code krb5_warnx(krb5_context context, const 
char *fmt, ...)
        va_list args;
 
        va_start(args, fmt);
-       DEBUG(1,(fmt, args));
-       DEBUGADD(1,("\n"));
+       com_err_va("kdb_samba", errno, fmt, args);
        va_end(args);
 
        return 0;
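Review bot: `com_err_va("kdb_samba", errno, fmt, args)` passes whatever errno happens to hold as the error code, so a warnx-style message can be printed with an unrelated system error string attached; passing `0` as the code keeps the message limited to what the caller formatted. The call is also unconditional while the com_err.h include added at the top of this file is guarded by HAVE_COM_ERR_H, so a build without that header would reach an undeclared function; the call needs the same guard or a configure-time requirement. These warnings also move from Samba's DEBUG log to com_err's handler (presumably stderr unless a hook is installed), which deserves a comment for anyone who reads the log for Kerberos failures. krb5_warnx() begins outside the hunk.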
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index d84dd5d..d27e55b 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -575,7 +575,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, 
const char *princ,
        ADS_STATUS aret;
        krb5_error_code ret = 0;
        krb5_context context = NULL;
-       const char *realm = NULL;
+       char *realm = NULL;
        unsigned int realm_len = 0;
        krb5_creds creds, *credsp = NULL;
        krb5_ccache ccache = NULL;
@@ -615,7 +615,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, 
const char *princ,
                                   &creds.server,
                                   realm_len,
                                   realm, "kadmin", "changepw", NULL);
-
+       free(realm);
        ret = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
        if (ret) {
                krb5_cc_close(context, ccache);
@@ -692,7 +692,7 @@ static ADS_STATUS ads_krb5_chg_password(const char 
*kdc_host,
     krb5_get_init_creds_opt opts;
     krb5_creds creds;
     char *chpw_princ = NULL, *password;
-    const char *realm = NULL;
+    char *realm = NULL;
 
     initialize_krb5_error_table();
     ret = krb5_init_context(&context);
@@ -719,10 +719,12 @@ static ADS_STATUS ads_krb5_chg_password(const char 
*kdc_host,
     /* We have to obtain an INITIAL changepw ticket for changing password */
     if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
        krb5_free_context(context);
+       free(realm);
        DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
        return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
     }
 
+    free(realm);
     password = SMB_STRDUP(oldpw);
     ret = krb5_get_init_creds_password(context, &creds, princ, password,
                                           kerb_prompter, NULL, 
diff --git a/source4/auth/gensec/gensec_gssapi.c 
b/source4/auth/gensec/gensec_gssapi.c
index fdae2a8..91cbfcd 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -425,7 +425,9 @@ static NTSTATUS gensec_gssapi_update(struct gensec_security 
*gensec_security,
        NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
        OM_uint32 maj_stat, min_stat;
        OM_uint32 min_stat2;
-       gss_buffer_desc input_token, output_token;
+       gss_buffer_desc input_token = { 0, NULL };
+       gss_buffer_desc output_token = { 0, NULL };
+
        gss_OID gss_oid_p = NULL;
        OM_uint32 time_req = 0;
        OM_uint32 time_rec = 0;
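Review bot: The two initialisers `{ 0, NULL }` spell out the layout of gss_buffer_desc by hand; `gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;` (and the same for output_token) states the intent with the macro the GSS-API headers provide for it. The commit message says only "Found with valgrind", so a one-line comment naming the path on which a token was read or released before being set would help the next reader keep the initialisation in place. gensec_gssapi_update() continues outside the hunk.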
diff --git a/source4/auth/gensec/wscript_build 
b/source4/auth/gensec/wscript_build
index df633d4..1a44a90 100755
--- a/source4/auth/gensec/wscript_build
+++ b/source4/auth/gensec/wscript_build
@@ -11,7 +11,7 @@ bld.SAMBA_MODULE('gensec_krb5',
        init_function='gensec_krb5_init',
        deps='samba-credentials authkrb5 com_err gensec_util',
        internal_module=False,
-        enabled=bld.AD_DC_BUILD_IS_ENABLED()
+        enabled=bld.AD_DC_BUILD_IS_ENABLED() and 
bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
        )
 
 
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index 5e97efc..7c189d3 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -56,7 +56,7 @@ static WERROR dns_domain_from_principal(TALLOC_CTX *mem_ctx, 
struct smb_krb5_con
        krb5_error_code ret;
        krb5_principal principal;
        /* perhaps it's a principal with a realm, so return the right 'domain 
only' response */
-       const char *realm;
+       char *realm;
        ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
                                    KRB5_PRINCIPAL_PARSE_REQUIRE_REALM, 
&principal);
        if (ret) {
@@ -64,11 +64,11 @@ static WERROR dns_domain_from_principal(TALLOC_CTX 
*mem_ctx, struct smb_krb5_con
                return WERR_OK;
        }
 
-       /* This isn't an allocation assignemnt, so it is free'ed with the 
krb5_free_principal */
        realm = smb_krb5_principal_get_realm(smb_krb5_context->krb5_context, 
principal);
 
        info1->dns_domain_name  = talloc_strdup(mem_ctx, realm);
        krb5_free_principal(smb_krb5_context->krb5_context, principal);
+       free(realm);
 
        W_ERROR_HAVE_NO_MEMORY(info1->dns_domain_name);
 
@@ -271,7 +271,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, 
TALLOC_CTX *mem_ctx,
        const char *result_filter = NULL;
        krb5_error_code ret;
        krb5_principal principal;
-       const char *realm;
+       char *realm;
        char *unparsed_name_short;
        const char *domain_attrs[] = { NULL };
        struct ldb_result *domain_res = NULL;
@@ -301,6 +301,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, 
TALLOC_CTX *mem_ctx,
                             ldb_binary_encode_string(mem_ctx, realm),
                             LDB_OID_COMPARATOR_AND,
                             SYSTEM_FLAG_CR_NTDS_DOMAIN);
+       free(realm);
 
        if (ldb_ret != LDB_SUCCESS) {
                DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s\n", 
ldb_errstring(sam_ctx)));


-- 
Samba Shared Repository
