[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher Thu, 09 Dec 2021 06:15:24 -0800

The branch, master has been updated
       via  e2b7a2f7811 s4-auth: Remove unused headers
       via  1bacf26d30a auth/credentials: Fix cli_credentials_shallow_ccache 
error case
       via  ce293eb861b auth/credentials: Handle ENOENT when obtaining ccache 
lifetime
      from  102ad9ee6a0 librpc: match gensec_gssapi and call 
gsskrb5_set_dns_canonicalize() for Heimdal


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e2b7a2f78117e20739aa4f895ce68825e160d451
Author: Andrew Bartlett <abart...@samba.org>
Date:   Wed Dec 8 15:30:02 2021 +1300

    s4-auth: Remove unused headers
    
    These changes were submitted in a patch by
    Stefan Metzmacher <me...@samba.org> in his lorikeet-heimdal
    import branch of patches to upgrade to a modern Heimdal.
    
    Signed-off-by: Andrew Bartlett <abart...@samba.org>
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
    Autobuild-Date(master): Thu Dec  9 14:14:12 UTC 2021 on sn-devel-184

commit 1bacf26d30adc89348786bff7b9e2fe6d6f43856
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Apr 3 15:29:32 2020 +0200

    auth/credentials: Fix cli_credentials_shallow_ccache error case
    
    Avoid dangling values if something fails...
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz>

commit ce293eb861b2fc6c7a88cf67664c91735bf49d44
Author: Stefan Metzmacher <me...@samba.org>
Date:   Fri Apr 3 15:27:45 2020 +0200

    auth/credentials: Handle ENOENT when obtaining ccache lifetime
    
    The new Heimdal may return ENOENT instead of KRB5_CC_END.
    
    Signed-off-by: Stefan Metzmacher <me...@samba.org>
    Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials_krb5.c       | 13 +++++++++----
 source4/auth/kerberos/kerberos.h          |  1 -
 source4/auth/kerberos/krb5_init_context.c |  1 -
 3 files changed, 9 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials_krb5.c 
b/auth/credentials/credentials_krb5.c
index d2e7a76a69e..e69e1a83b3c 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -686,7 +686,7 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct 
cli_credentials *cred,
                bool expired = false;
                ret = 
smb_krb5_cc_get_lifetime(cred->ccache->smb_krb5_context->krb5_context,
                                               cred->ccache->ccache, &lifetime);
-               if (ret == KRB5_CC_END) {
+               if (ret == KRB5_CC_END || ret == ENOENT) {
                        /* If we have a particular ccache set, without
                         * an initial ticket, then assume there is a
                         * good reason */
@@ -1060,15 +1060,22 @@ static int cli_credentials_shallow_ccache(struct 
cli_credentials *cred)
 {
        krb5_error_code ret;
        const struct ccache_container *old_ccc = NULL;
+       enum credentials_obtained old_obtained;
        struct ccache_container *ccc = NULL;
        char *ccache_name = NULL;
        krb5_principal princ;
 
+       old_obtained = cred->ccache_obtained;
        old_ccc = cred->ccache;
        if (old_ccc == NULL) {
                return 0;
        }
 
+       cred->ccache = NULL;
+       cred->ccache_obtained = CRED_UNINITIALISED;
+       cred->client_gss_creds = NULL;
+       cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+
        ret = krb5_cc_get_principal(
                old_ccc->smb_krb5_context->krb5_context,
                old_ccc->ccache,
@@ -1077,7 +1084,6 @@ static int cli_credentials_shallow_ccache(struct 
cli_credentials *cred)
                /*
                 * This is an empty ccache. No point in copying anything.
                 */
-               cred->ccache = NULL;
                return 0;
        }
        krb5_free_principal(old_ccc->smb_krb5_context->krb5_context, princ);
@@ -1110,8 +1116,7 @@ static int cli_credentials_shallow_ccache(struct 
cli_credentials *cred)
        }
 
        cred->ccache = ccc;
-       cred->client_gss_creds = NULL;
-       cred->client_gss_creds_obtained = CRED_UNINITIALISED;
+       cred->ccache_obtained = old_obtained;
        return ret;
 }
 
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 1dd63acc838..33ee4f301ed 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -27,7 +27,6 @@
 #include "auth/kerberos/krb5_init_context.h"
 #include "librpc/gen_ndr/krb5pac.h"
 #include "lib/krb5_wrap/krb5_samba.h"
-#include "lib/krb5_wrap/gss_samba.h"
 
 struct auth_user_info_dc;
 struct cli_credentials;
diff --git a/source4/auth/kerberos/krb5_init_context.c 
b/source4/auth/kerberos/krb5_init_context.c
index 639718cb6a6..616eebc968e 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -22,7 +22,6 @@
 
 #include "includes.h"
 #include "system/kerberos.h"
-#include "system/gssapi.h"
 #include <tevent.h>
 #include "auth/kerberos/kerberos.h"
 #include "lib/socket/socket.h"


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to