The branch, master has been updated via 40eac8e libads: record service ticket endtime for sealed ldap connections via 9efa61c dbwrap: Remove an unused variable via 98f414c lib: Remove unused hex_encode() via c8e9574 ntlm_auth: Remove two uses of hex_encode() via 7ceded5 lib: Make sid_binstring_hex use TALLOC via b7c53a7 lib: Simplify sid_binstring_hex() from 6e08bfb Add IPv6 support for determining FQDN during ADS join.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 40eac8e4d8bc85f2329b8ed6c5ba96a141dc20a3 Author: Uri Simchoni <urisimch...@gmail.com> Date: Sat May 9 22:59:17 2015 +0300 libads: record service ticket endtime for sealed ldap connections When a ticket is obtained for binding a signed/sealed ldap connection, its lifetime should be recorded in the ads struct, in order to enable reuse of the connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11267 Signed-off-by: Uri Simchoni <urisimch...@gmail.com> Reviewed-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Böhme <r...@sernet.de> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed May 13 04:32:16 CEST 2015 on sn-devel-104 commit 9efa61c8631e8c6088611df2c38add0d4ee7114b Author: Volker Lendecke <v...@samba.org> Date: Fri May 8 13:15:37 2015 +0000 dbwrap: Remove an unused variable Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 98f414c959a1a3b539f91885f4a2c8668149ae10 Author: Volker Lendecke <v...@samba.org> Date: Fri May 8 10:24:48 2015 +0000 lib: Remove unused hex_encode() Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit c8e9574f41f912b26a9947c4973752f24c7ad904 Author: Volker Lendecke <v...@samba.org> Date: Fri May 8 10:12:21 2015 +0000 ntlm_auth: Remove two uses of hex_encode() Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 7ceded5ed7cc8b061c16f65c33c3cfc50ebdcc69 Author: Volker Lendecke <v...@samba.org> Date: Fri May 8 10:06:23 2015 +0000 lib: Make sid_binstring_hex use TALLOC talloc_tos() is better than plain malloc...
Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit b7c53a7de15d9167b98150e40eba4862458c2fdc Author: Volker Lendecke <v...@samba.org> Date: Fri May 8 07:06:53 2015 +0000 lib: Simplify sid_binstring_hex() Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/dbwrap/dbwrap_local_open.c | 2 -- lib/util/samba_util.h | 7 +------ lib/util/util.c | 14 +------------- source3/include/proto.h | 2 +- source3/lib/util_sid.c | 11 +++-------- source3/libads/ldap_utils.c | 6 +++--- source3/libads/sasl.c | 23 +++++++++++++++++++++++ source4/utils/ntlm_auth.c | 18 ++++++++---------- 8 files changed, 40 insertions(+), 43 deletions(-) Changeset truncated at 500 lines:
diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
index c850e3c..6509ff9 100644
--- a/lib/dbwrap/dbwrap_local_open.c
+++ b/lib/dbwrap/dbwrap_local_open.c
@@ -32,13 +32,11 @@ struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx, enum dbwrap_lock_order lock_order, uint64_t dbwrap_flags) { - TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); struct db_context *db = NULL; db = db_open_tdb(mem_ctx, lp_ctx, name, hash_size, tdb_flags, open_flags, mode, lock_order, dbwrap_flags); - talloc_free(tmp_ctx); return db; }
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 176930b..1c974cd 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -205,12 +205,7 @@ _PUBLIC_ _PURE_ DATA_BLOB strhex_to_data_blob(TALLOC_CTX *mem_ctx, const char *s _PUBLIC_ void hex_encode_buf(char *dst, const uint8_t *src, size_t srclen); /** - * Routine to print a buffer as HEX digits, into an allocated string. - */ -_PUBLIC_ void hex_encode(const unsigned char *buff_in, size_t len, char **out_hex_buffer); - -/** - * talloc version of hex_encode() + * talloc version of hex_encode_buf() */ _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char *buff_in, size_t len);
diff --git a/lib/util/util.c b/lib/util/util.c
index 562f7df..9ef7124 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -932,19 +932,7 @@ _PUBLIC_ void hex_encode_buf(char *dst, const uint8_t *src, size_t srclen) } /** - * Routine to print a buffer as HEX digits, into an allocated string. - */ -_PUBLIC_ void hex_encode(const unsigned char *buff_in, size_t len, char **out_hex_buffer) -{ - char *hex_buffer; - - *out_hex_buffer = malloc_array_p(char, (len*2)+1); - hex_buffer = *out_hex_buffer; - hex_encode_buf(hex_buffer, buff_in, len); -} - -/** - * talloc version of hex_encode() + * talloc version of hex_encode_buf() */ _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char *buff_in, size_t len) {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 815c864..dad4dd9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -524,7 +524,7 @@ char *sid_string_dbg(const struct dom_sid *sid); char *sid_string_tos(const struct dom_sid *sid); bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid); bool non_mappable_sid(struct dom_sid *sid); -char *sid_binstring_hex(const struct dom_sid *sid); +char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); struct netr_SamInfo3; NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3,
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index f051b7a..e336510 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -113,17 +113,12 @@ bool non_mappable_sid(struct dom_sid *sid) Caller must free. *****************************************************************/ -char *sid_binstring_hex(const struct dom_sid *sid) +char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) { - char *buf, *s; int len = ndr_size_dom_sid(sid, 0); - buf = (char *)SMB_MALLOC(len); - if (!buf) - return NULL; + char buf[len]; sid_linearize(buf, len, sid); - hex_encode((const unsigned char *)buf, len, &s); - free(buf); - return s; + return hex_encode_talloc(mem_ctx, (const unsigned char *)buf, len); } NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index 117dc55..157f694 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -214,20 +214,20 @@ static ADS_STATUS ads_do_search_retry_args(ADS_STRUCT *ads, const char *bind_pat char *dn, *sid_string; ADS_STATUS status; - sid_string = sid_binstring_hex(sid); + sid_string = sid_binstring_hex_talloc(talloc_tos(), sid); if (sid_string == NULL) { return ADS_ERROR(LDAP_NO_MEMORY); } if (!asprintf(&dn, "<SID=%s>", sid_string)) { - SAFE_FREE(sid_string); + TALLOC_FREE(sid_string); return ADS_ERROR(LDAP_NO_MEMORY); } status = ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE, "(objectclass=*)", attrs, res); SAFE_FREE(dn); - SAFE_FREE(sid_string); + TALLOC_FREE(sid_string); return status; }
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index ce3740f..db7335e 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -458,6 +458,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t DATA_BLOB unwrapped; DATA_BLOB wrapped; struct berval cred, *scred = NULL; + uint32_t context_validity = 0; + time_t context_endtime = 0; status = ads_init_gssapi_cred(ads, &gss_cred); if (!ADS_ERR_OK(status)) {
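Review bot: In `sid_binstring_hex_talloc()` (source3/lib/util_sid.c) the return value of `sid_linearize()` is ignored, so if it fails the uninitialised stack array `buf` is hex-encoded and handed back to the caller. `buf` is also a variable-length array sized by the signed `int len` from `ndr_size_dom_sid()`; whether that can be 0 or negative is not visible in the hunk, but either would make `char buf[len]` undefined. I would guard both cases with `if (len <= 0) return NULL;` before the declaration and `if (!sid_linearize(buf, len, sid)) return NULL;` after it. The comment above the function still says "Caller must free." and should now say the result is allocated on `mem_ctx` and released with `TALLOC_FREE`.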
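Review bot: The `if (!asprintf(&dn, "<SID=%s>", sid_string))` check kept as context in the source3/libads/ldap_utils.c hunk cannot detect failure, because `asprintf()` returns -1 on error, which is non-zero; on that path `dn` is left undefined and is still passed to `ads_do_search_retry()` and `SAFE_FREE()`. Now that `sid_string` is a talloc string, building `dn` the same way fixes the check and removes the mixed malloc/talloc cleanup: `dn = talloc_asprintf(talloc_tos(), "<SID=%s>", sid_string);`, then `if (dn == NULL)` and `TALLOC_FREE(dn)` at the end. The new `talloc_tos()` call also assumes a talloc stackframe is active in every caller, which cannot be confirmed from the hunk. The function's signature lies above the hunk.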
@@ -652,6 +654,26 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t goto failed; } + gss_rc = + gss_context_time(&minor_status, context_handle, &context_validity); + if (gss_rc == GSS_S_COMPLETE) { + if (context_validity != 0) { + context_endtime = time(NULL) + context_validity; + DEBUG(10, ("context (service ticket) valid for " + "%u seconds\n", + context_validity)); + } else { + DEBUG(10, ("context (service ticket) expired\n")); + } + } else { + DEBUG(1, ("gss_context_time failed (%d,%u) -" + " this will be a one-time context\n", + gss_rc, minor_status)); + if (gss_rc == GSS_S_CONTEXT_EXPIRED) { + DEBUG(10, ("context (service ticket) expired\n")); + } + } + if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) { uint32_t max_msg_size = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED;
@@ -677,6 +699,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t context_handle = GSS_C_NO_CONTEXT; } + ads->auth.tgs_expire = context_endtime; status = ADS_SUCCESS; failed:
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index f44e782..f7c95eb 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -796,8 +796,6 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod SAFE_FREE(error_string); } else { static char zeros[16]; - char *hex_lm_key; - char *hex_user_session_key; mux_printf(mux_id, "Authenticated: Yes\n");
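Review bot: On the failure and zero-lifetime paths of the `gss_context_time()` block in `ads_sasl_spnego_gsskrb5_bind()`, `context_endtime` stays 0 and the `@@ -677,6 +699,7 @@` hunk stores that in `ads->auth.tgs_expire`, yet only the debug text ("one-time context") hints that 0 means the connection must not be reused. Since the commit message says this value exists to enable reuse of a signed/sealed connection, I would state the contract next to the assignment: `/* 0 = lifetime unknown or already expired: do not reuse this connection */`. The declaration of `gss_rc` is outside the hunk; if it is an `OM_uint32`, the `%d` in the `DEBUG(1, ...)` format should be `%u`. The function begins and ends outside both hunks.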
@@ -805,22 +803,22 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod && lm_key.length && (memcmp(zeros, lm_key.data, lm_key.length) != 0)) { - hex_encode(lm_key.data, - lm_key.length, - &hex_lm_key); + char hex_lm_key[lm_key.length*2+1]; + hex_encode_buf(hex_lm_key, lm_key.data, + lm_key.length); mux_printf(mux_id, "LANMAN-Session-Key: %s\n", hex_lm_key); - SAFE_FREE(hex_lm_key); } if (ntlm_server_1_user_session_key && user_session_key.length && (memcmp(zeros, user_session_key.data, user_session_key.length) != 0)) { - hex_encode(user_session_key.data, - user_session_key.length, - &hex_user_session_key); + char hex_user_session_key[ + user_session_key.length*2+1]; + hex_encode_buf(hex_user_session_key, + user_session_key.data, + user_session_key.length); mux_printf(mux_id, "User-Session-Key: %s\n", hex_user_session_key); - SAFE_FREE(hex_user_session_key); } } } -- Samba Shared Repository
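Review bot: The two variable-length arrays `hex_lm_key[lm_key.length*2+1]` and `hex_user_session_key[user_session_key.length*2+1]` in `manage_ntlm_server_1_request()` are sized by blob lengths that nothing in the hunk bounds, while the neighbouring `memcmp(zeros, ..., length)` reads from the 16-byte `zeros` array and so already assumes a length of at most 16. I would make that assumption explicit and use fixed buffers: add `lm_key.length <= sizeof(zeros)` to the condition and declare `char hex_lm_key[sizeof(zeros)*2+1];`, and likewise for the user session key. These arrays hold hex copies of session keys on the stack and are not cleared after `mux_printf()`; whether that matters depends on how this helper process is run, which the hunk does not show. The function starts outside the hunk.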