The branch, master has been updated
       via  40eac8e libads: record service ticket endtime for sealed ldap 
connections
       via  9efa61c dbwrap: Remove an unused variable
       via  98f414c lib: Remove unused hex_encode()
       via  c8e9574 ntlm_auth: Remove two uses of hex_encode()
       via  7ceded5 lib: Make sid_binstring_hex use TALLOC
       via  b7c53a7 lib: Simplify sid_binstring_hex()
      from  6e08bfb Add IPv6 support for determining FQDN during ADS join.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 40eac8e4d8bc85f2329b8ed6c5ba96a141dc20a3
Author: Uri Simchoni <urisimch...@gmail.com>
Date:   Sat May 9 22:59:17 2015 +0300

    libads: record service ticket endtime for sealed ldap connections
    
    When a ticket is obtained for binding a signed/sealed ldap connection,
    its lifetime should be recorded in the ads struct, in order to enable
    reuse of the connection.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11267
    
    Signed-off-by: Uri Simchoni <urisimch...@gmail.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Ralph Böhme <r...@sernet.de>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Wed May 13 04:32:16 CEST 2015 on sn-devel-104

commit 9efa61c8631e8c6088611df2c38add0d4ee7114b
Author: Volker Lendecke <v...@samba.org>
Date:   Fri May 8 13:15:37 2015 +0000

    dbwrap: Remove an unused variable
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 98f414c959a1a3b539f91885f4a2c8668149ae10
Author: Volker Lendecke <v...@samba.org>
Date:   Fri May 8 10:24:48 2015 +0000

    lib: Remove unused hex_encode()
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit c8e9574f41f912b26a9947c4973752f24c7ad904
Author: Volker Lendecke <v...@samba.org>
Date:   Fri May 8 10:12:21 2015 +0000

    ntlm_auth: Remove two uses of hex_encode()
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 7ceded5ed7cc8b061c16f65c33c3cfc50ebdcc69
Author: Volker Lendecke <v...@samba.org>
Date:   Fri May 8 10:06:23 2015 +0000

    lib: Make sid_binstring_hex use TALLOC
    
    talloc_tos() is better than plain malloc...
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b7c53a7de15d9167b98150e40eba4862458c2fdc
Author: Volker Lendecke <v...@samba.org>
Date:   Fri May 8 07:06:53 2015 +0000

    lib: Simplify sid_binstring_hex()
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/dbwrap/dbwrap_local_open.c |  2 --
 lib/util/samba_util.h          |  7 +------
 lib/util/util.c                | 14 +-------------
 source3/include/proto.h        |  2 +-
 source3/lib/util_sid.c         | 11 +++--------
 source3/libads/ldap_utils.c    |  6 +++---
 source3/libads/sasl.c          | 23 +++++++++++++++++++++++
 source4/utils/ntlm_auth.c      | 18 ++++++++----------
 8 files changed, 40 insertions(+), 43 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
index c850e3c..6509ff9 100644
--- a/lib/dbwrap/dbwrap_local_open.c
+++ b/lib/dbwrap/dbwrap_local_open.c
@@ -32,13 +32,11 @@ struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
                                     enum dbwrap_lock_order lock_order,
                                     uint64_t dbwrap_flags)
 {
-       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
        struct db_context *db = NULL;
 
        db = db_open_tdb(mem_ctx, lp_ctx, name, hash_size,
                         tdb_flags, open_flags, mode,
                         lock_order, dbwrap_flags);
 
-       talloc_free(tmp_ctx);
        return db;
 }
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 176930b..1c974cd 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -205,12 +205,7 @@ _PUBLIC_ _PURE_ DATA_BLOB strhex_to_data_blob(TALLOC_CTX 
*mem_ctx, const char *s
 _PUBLIC_ void hex_encode_buf(char *dst, const uint8_t *src, size_t srclen);
 
 /**
- * Routine to print a buffer as HEX digits, into an allocated string.
- */
-_PUBLIC_ void hex_encode(const unsigned char *buff_in, size_t len, char 
**out_hex_buffer);
-
-/**
- * talloc version of hex_encode()
+ * talloc version of hex_encode_buf()
  */
 _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char 
*buff_in, size_t len);
 
diff --git a/lib/util/util.c b/lib/util/util.c
index 562f7df..9ef7124 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -932,19 +932,7 @@ _PUBLIC_ void hex_encode_buf(char *dst, const uint8_t 
*src, size_t srclen)
 }
 
 /**
- * Routine to print a buffer as HEX digits, into an allocated string.
- */
-_PUBLIC_ void hex_encode(const unsigned char *buff_in, size_t len, char 
**out_hex_buffer)
-{
-       char *hex_buffer;
-
-       *out_hex_buffer = malloc_array_p(char, (len*2)+1);
-       hex_buffer = *out_hex_buffer;
-       hex_encode_buf(hex_buffer, buff_in, len);
-}
-
-/**
- * talloc version of hex_encode()
+ * talloc version of hex_encode_buf()
  */
 _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char 
*buff_in, size_t len)
 {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 815c864..dad4dd9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -524,7 +524,7 @@ char *sid_string_dbg(const struct dom_sid *sid);
 char *sid_string_tos(const struct dom_sid *sid);
 bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
 bool non_mappable_sid(struct dom_sid *sid);
-char *sid_binstring_hex(const struct dom_sid *sid);
+char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
 struct netr_SamInfo3;
 NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
                              const struct netr_SamInfo3 *info3,
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index f051b7a..e336510 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -113,17 +113,12 @@ bool non_mappable_sid(struct dom_sid *sid)
  Caller must free.
 *****************************************************************/
 
-char *sid_binstring_hex(const struct dom_sid *sid)
+char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 {
-       char *buf, *s;
        int len = ndr_size_dom_sid(sid, 0);
-       buf = (char *)SMB_MALLOC(len);
-       if (!buf)
-               return NULL;
+       char buf[len];
        sid_linearize(buf, len, sid);
-       hex_encode((const unsigned char *)buf, len, &s);
-       free(buf);
-       return s;
+       return hex_encode_talloc(mem_ctx, (const unsigned char *)buf, len);
 }
 
 NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
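Review bot: The result of `sid_linearize(buf, len, sid)` is ignored in the new `sid_binstring_hex_talloc`, so if it fails the uninitialised stack array `buf` is hex-encoded and handed back to the caller (proto.h declares `sid_linearize` as returning `bool`). `buf` is also a variable-length array sized by `len`, and a zero or negative `len` makes that declaration undefined; whether `ndr_size_dom_sid` can return 0 here is not visible in the hunk. I would add `if (len <= 0) return NULL;` before `char buf[len];` and change the call to `if (!sid_linearize(buf, len, sid)) return NULL;`. The header comment above the function still says "Caller must free", which should now say that the result is allocated on `mem_ctx` and released with `TALLOC_FREE`.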
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index 117dc55..157f694 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -214,20 +214,20 @@ static ADS_STATUS ads_do_search_retry_args(ADS_STRUCT 
*ads, const char *bind_pat
        char *dn, *sid_string;
        ADS_STATUS status;
 
-       sid_string = sid_binstring_hex(sid);
+       sid_string = sid_binstring_hex_talloc(talloc_tos(), sid);
        if (sid_string == NULL) {
                return ADS_ERROR(LDAP_NO_MEMORY);
        }
 
        if (!asprintf(&dn, "<SID=%s>", sid_string)) {
-               SAFE_FREE(sid_string);
+               TALLOC_FREE(sid_string);
                return ADS_ERROR(LDAP_NO_MEMORY);
        }
 
        status = ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
                                   "(objectclass=*)", attrs, res);
        SAFE_FREE(dn);
-       SAFE_FREE(sid_string);
+       TALLOC_FREE(sid_string);
        return status;
 }
 
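Review bot: The `if (!asprintf(&dn, "<SID=%s>", sid_string))` test, whose error branch this change edits, does not catch failure: asprintf returns -1 on error, which is non-zero, so the branch holding the new `TALLOC_FREE(sid_string)` is not taken and `dn` reaches `ads_do_search_retry` and `SAFE_FREE` with an undefined value. The check should be `if (asprintf(&dn, "<SID=%s>", sid_string) == -1) {`. Since `sid_string` is now talloc memory, building `dn` with `talloc_asprintf(talloc_tos(), ...)` and a NULL check would also leave the function with a single allocator. The function's signature and opening lines are outside the hunk.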
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index ce3740f..db7335e 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -458,6 +458,8 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT 
*ads, const gss_name_t
        DATA_BLOB unwrapped;
        DATA_BLOB wrapped;
        struct berval cred, *scred = NULL;
+       uint32_t context_validity = 0;
+       time_t context_endtime = 0;
 
        status = ads_init_gssapi_cred(ads, &gss_cred);
        if (!ADS_ERR_OK(status)) {
@@ -652,6 +654,26 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT 
*ads, const gss_name_t
                goto failed;
        }
 
+       gss_rc =
+           gss_context_time(&minor_status, context_handle, &context_validity);
+       if (gss_rc == GSS_S_COMPLETE) {
+               if (context_validity != 0) {
+                       context_endtime = time(NULL) + context_validity;
+                       DEBUG(10, ("context (service ticket) valid for "
+                               "%u seconds\n",
+                               context_validity));
+               } else {
+                       DEBUG(10, ("context (service ticket) expired\n"));
+               }
+       } else {
+               DEBUG(1, ("gss_context_time failed (%d,%u) -"
+                       " this will be a one-time context\n",
+                       gss_rc, minor_status));
+               if (gss_rc == GSS_S_CONTEXT_EXPIRED) {
+                       DEBUG(10, ("context (service ticket) expired\n"));
+               }
+       }
+
        if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
                uint32_t max_msg_size = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED;
 
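Review bot: `context_endtime = time(NULL) + context_validity;` adds an unchecked 32-bit lifetime to the current time, so a very large value from `gss_context_time` (for example `GSS_C_INDEFINITE`, if the mechanism reports it) can overflow on a platform with a 32-bit `time_t` and record a wrong end time. Because the last hunk of this file copies that value into `ads->auth.tgs_expire` and the commit message says it governs connection reuse, I would treat `context_validity == GSS_C_INDEFINITE` separately and clamp the sum to the largest representable `time_t` before storing it. A short comment at the declaration, such as `/* 0 = lifetime unknown or expired: connection must not be reused */`, would document the fallback, if that is the intended meaning of 0 (the "one-time context" log text suggests so). The function starts and ends outside the hunk.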
@@ -677,6 +699,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT 
*ads, const gss_name_t
                context_handle = GSS_C_NO_CONTEXT;
        }
 
+       ads->auth.tgs_expire = context_endtime;
        status = ADS_SUCCESS;
 
 failed:
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index f44e782..f7c95eb 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -796,8 +796,6 @@ static void manage_ntlm_server_1_request(enum 
stdio_helper_mode stdio_helper_mod
                                SAFE_FREE(error_string);
                        } else {
                                static char zeros[16];
-                               char *hex_lm_key;
-                               char *hex_user_session_key;
 
                                mux_printf(mux_id, "Authenticated: Yes\n");
 
@@ -805,22 +803,22 @@ static void manage_ntlm_server_1_request(enum 
stdio_helper_mode stdio_helper_mod
                                    && lm_key.length 
                                    && (memcmp(zeros, lm_key.data, 
                                                                lm_key.length) 
!= 0)) {
-                                       hex_encode(lm_key.data,
-                                                  lm_key.length,
-                                                  &hex_lm_key);
+                                       char hex_lm_key[lm_key.length*2+1];
+                                       hex_encode_buf(hex_lm_key, lm_key.data,
+                                                      lm_key.length);
                                        mux_printf(mux_id, "LANMAN-Session-Key: 
%s\n", hex_lm_key);
-                                       SAFE_FREE(hex_lm_key);
                                }
 
                                if (ntlm_server_1_user_session_key 
                                    && user_session_key.length 
                                    && (memcmp(zeros, user_session_key.data, 
                                               user_session_key.length) != 0)) {
-                                       hex_encode(user_session_key.data, 
-                                                  user_session_key.length, 
-                                                  &hex_user_session_key);
+                                       char hex_user_session_key[
+                                               user_session_key.length*2+1];
+                                       hex_encode_buf(hex_user_session_key,
+                                                      user_session_key.data,
+                                                      user_session_key.length);
                                        mux_printf(mux_id, "User-Session-Key: 
%s\n", hex_user_session_key);
-                                       SAFE_FREE(hex_user_session_key);
                                }
                        }
                }
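Review bot: `char hex_lm_key[lm_key.length*2+1]` and `char hex_user_session_key[user_session_key.length*2+1]` are variable-length arrays sized from blob lengths with no upper bound visible in the hunk, and the `memcmp` in each condition already compares that many bytes against the 16-byte `zeros`. If a length above 16 is possible, both the comparison and the stack allocation are driven by it; adding `&& lm_key.length <= sizeof(zeros)` (and the same for `user_session_key.length`) to the conditions and declaring the buffers as `char hex_lm_key[sizeof(zeros)*2+1];` would make the bound explicit. The hex copies of the session keys also stay on the stack after `mux_printf`, so clearing them before leaving each block is worth considering. The enclosing function starts and ends outside the hunk.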


-- 
Samba Shared Repository
