The branch, master has been updated
       via  a5f895a s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set 
"KRB5CCNAME"
       via  890b1bb s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set 
"KRB5CCNAME"
       via  2abc371 HEIMDAL:lib/krb5: destroy a memory ccache on reinit
       via  6ec81ca lib: Fix CID 1373623 Dereference after null check
      from  9afdd95 winbindd: Remove now unused cache_methods

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a5f895a53016af71db53967062728fec5bc307ca
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Oct 10 17:07:12 2016 +0200

    s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
    
    Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Uri Simchoni <u...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144

commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Oct 10 17:07:12 2016 +0200

    s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
    
    Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Uri Simchoni <u...@samba.org>

commit 2abc3710a8a63327a769ba0482c553ed274b2113
Author: Stefan Metzmacher <me...@samba.org>
Date:   Mon Oct 10 15:53:26 2016 +0200

    HEIMDAL:lib/krb5: destroy a memory ccache on reinit
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Uri Simchoni <u...@samba.org>

commit 6ec81ca3c196f3c4659a4e1c473759b393708d12
Author: Volker Lendecke <v...@samba.org>
Date:   Wed Oct 12 12:35:12 2016 +0200

    lib: Fix CID 1373623 Dereference after null check
    
    We should not overload "p", this is used in the outer loop
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Ralph Böhme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/substitute.c          |  7 +++---
 source3/libads/sasl.c             | 11 ---------
 source4/heimdal/lib/krb5/mcache.c | 52 ++++++++++++++++++++++++++-------------
 3 files changed, 39 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 752f108..bc34c31 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -524,9 +524,10 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
 
                                group_name = gidtoname(pass->pw_gid);
                                if (is_domain_name) {
-                                       p = strchr_m(group_name, *sep);
-                                       if (p != NULL) {
-                                               group_name = p + 1;
+                                       char *group_sep;
+                                       group_sep = strchr_m(group_name, *sep);
+                                       if (group_sep != NULL) {
+                                               group_name = group_sep + 1;
                                        }
                                }
                                a_string = realloc_string_sub(a_string,
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 85a2eb0..39c60c3 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -749,11 +749,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
        if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
            got_kerberos_mechanism) 
        {
-               const char *ccache_name = "MEMORY:ads_sasl_spnego_bind";
-               if (ads->auth.ccache_name != NULL) {
-                       ccache_name = ads->auth.ccache_name;
-               }
-
                if (ads->auth.password == NULL ||
                    ads->auth.password[0] == '\0')
                {
@@ -771,7 +766,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
                                  "calling kinit\n", ads_errstr(status)));
                }
 
-               setenv(KRB5_ENV_CCNAME, ccache_name, 1);
                status = ADS_ERROR_KRB5(ads_kinit_password(ads)); 
 
                if (ADS_ERR_OK(status)) {
@@ -1027,7 +1021,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 {
        ADS_STATUS status;
        struct ads_service_principal p;
-       const char *ccache_name = "MEMORY:ads_sasl_gssapi_do_bind";
 
        status = ads_generate_service_principal(ads, &p);
        if (!ADS_ERR_OK(status)) {
@@ -1046,10 +1039,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
                          "calling kinit\n", ads_errstr(status)));
        }
 
-       if (ads->auth.ccache_name != NULL) {
-               ccache_name = ads->auth.ccache_name;
-       }
-       setenv(KRB5_ENV_CCNAME, ccache_name, 1);
        status = ADS_ERROR_KRB5(ads_kinit_password(ads));
 
        if (ADS_ERR_OK(status)) {
diff --git a/source4/heimdal/lib/krb5/mcache.c 
b/source4/heimdal/lib/krb5/mcache.c
index e4b90c1..dc79b87 100644
--- a/source4/heimdal/lib/krb5/mcache.c
+++ b/source4/heimdal/lib/krb5/mcache.c
@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
     return 0;
 }
 
+static void KRB5_CALLCONV
+mcc_destroy_internal(krb5_context context,
+                    krb5_mcache *m)
+{
+    struct link *l;
+
+    if (m->primary_principal != NULL) {
+       krb5_free_principal (context, m->primary_principal);
+       m->primary_principal = NULL;
+    }
+    m->dead = 1;
+
+    l = m->creds;
+    while (l != NULL) {
+       struct link *old;
+
+       krb5_free_cred_contents (context, &l->cred);
+       old = l;
+       l = l->next;
+       free (old);
+    }
+
+    m->creds = NULL;
+    return;
+}
+
 static krb5_error_code KRB5_CALLCONV
 mcc_initialize(krb5_context context,
               krb5_ccache id,
               krb5_principal primary_principal)
 {
     krb5_mcache *m = MCACHE(id);
+    /*
+     * It's important to destroy any existing
+     * creds here, that matches the baheviour
+     * of all other backends and also the
+     * MEMORY: backend in MIT.
+     */
+    mcc_destroy_internal(context, m);
     m->dead = 0;
+    m->kdc_offset = 0;
     m->mtime = time(NULL);
     return krb5_copy_principal (context,
                                primary_principal,
@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context,
            krb5_ccache id)
 {
     krb5_mcache **n, *m = MCACHE(id);
-    struct link *l;
 
     if (m->refcnt == 0)
        krb5_abortx(context, "mcc_destroy: refcnt already 0");
@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context,
            }
        }
        HEIMDAL_MUTEX_unlock(&mcc_mutex);
-       if (m->primary_principal != NULL) {
-           krb5_free_principal (context, m->primary_principal);
-           m->primary_principal = NULL;
-       }
-       m->dead = 1;
-
-       l = m->creds;
-       while (l != NULL) {
-           struct link *old;
-
-           krb5_free_cred_contents (context, &l->cred);
-           old = l;
-           l = l->next;
-           free (old);
-       }
-       m->creds = NULL;
+       mcc_destroy_internal(context, m);
     }
     return 0;
 }


-- 
Samba Shared Repository

Reply via email to