The branch, master has been updated via e2b7a2f7811 s4-auth: Remove unused headers via 1bacf26d30a auth/credentials: Fix cli_credentials_shallow_ccache error case via ce293eb861b auth/credentials: Handle ENOENT when obtaining ccache lifetime from 102ad9ee6a0 librpc: match gensec_gssapi and call gsskrb5_set_dns_canonicalize() for Heimdal
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit e2b7a2f78117e20739aa4f895ce68825e160d451 Author: Andrew Bartlett <abart...@samba.org> Date: Wed Dec 8 15:30:02 2021 +1300 s4-auth: Remove unused headers These changes were submitted in a patch by Stefan Metzmacher <me...@samba.org> in his lorikeet-heimdal import branch of patches to upgrade to a modern Heimdal. Signed-off-by: Andrew Bartlett <abart...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Thu Dec 9 14:14:12 UTC 2021 on sn-devel-184 commit 1bacf26d30adc89348786bff7b9e2fe6d6f43856 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 3 15:29:32 2020 +0200 auth/credentials: Fix cli_credentials_shallow_ccache error case Avoid dangling values if something fails... Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit ce293eb861b2fc6c7a88cf67664c91735bf49d44 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 3 15:27:45 2020 +0200 auth/credentials: Handle ENOENT when obtaining ccache lifetime The new Heimdal may return ENOENT instead of KRB5_CC_END. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: auth/credentials/credentials_krb5.c | 13 +++++++++---- source4/auth/kerberos/kerberos.h | 1 - source4/auth/kerberos/krb5_init_context.c | 1 - 3 files changed, 9 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index d2e7a76a69e..e69e1a83b3c 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -686,7 +686,7 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred, bool expired = false; ret = smb_krb5_cc_get_lifetime(cred->ccache->smb_krb5_context->krb5_context, cred->ccache->ccache, &lifetime); - if (ret == KRB5_CC_END) { + if (ret == KRB5_CC_END || ret == ENOENT) { /* If we have a particular ccache set, without * an initial ticket, then assume there is a * good reason */ @@ -1060,15 +1060,22 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred) { krb5_error_code ret; const struct ccache_container *old_ccc = NULL; + enum credentials_obtained old_obtained; struct ccache_container *ccc = NULL; char *ccache_name = NULL; krb5_principal princ; + old_obtained = cred->ccache_obtained; old_ccc = cred->ccache; if (old_ccc == NULL) { return 0; } + cred->ccache = NULL; + cred->ccache_obtained = CRED_UNINITIALISED; + cred->client_gss_creds = NULL; + cred->client_gss_creds_obtained = CRED_UNINITIALISED; + ret = krb5_cc_get_principal( old_ccc->smb_krb5_context->krb5_context, old_ccc->ccache, @@ -1077,7 +1084,6 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred) /* * This is an empty ccache. No point in copying anything. */ - cred->ccache = NULL; return 0; } krb5_free_principal(old_ccc->smb_krb5_context->krb5_context, princ); @@ -1110,8 +1116,7 @@ static int cli_credentials_shallow_ccache(struct cli_credentials *cred) } cred->ccache = ccc; - cred->client_gss_creds = NULL; - cred->client_gss_creds_obtained = CRED_UNINITIALISED; + cred->ccache_obtained = old_obtained; return ret; } diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h index 1dd63acc838..33ee4f301ed 100644 --- a/source4/auth/kerberos/kerberos.h +++ b/source4/auth/kerberos/kerberos.h @@ -27,7 +27,6 @@ #include "auth/kerberos/krb5_init_context.h" #include "librpc/gen_ndr/krb5pac.h" #include "lib/krb5_wrap/krb5_samba.h" -#include "lib/krb5_wrap/gss_samba.h" struct auth_user_info_dc; struct cli_credentials; diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 639718cb6a6..616eebc968e 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -22,7 +22,6 @@ #include "includes.h" #include "system/kerberos.h" -#include "system/gssapi.h" #include <tevent.h> #include "auth/kerberos/kerberos.h" #include "lib/socket/socket.h" -- Samba Shared Repository