The Samba-Bugzilla – Attachment 12566 Details for
Bug 12369
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Patches for v4-4-test
tmp44.diff.txt (text/plain), 5.83 KB, created by
Stefan Metzmacher
on 2016-10-13 08:17:31 UTC
(
hide
)
Description:
Patches for v4-4-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2016-10-13 08:17:31 UTC
Size:
5.83 KB
patch
obsolete
>From 66668deb267d63f17c70aaea6f720a7c440bb71c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 10 Oct 2016 15:53:26 +0200 >Subject: [PATCH 1/3] HEIMDAL:lib/krb5: destroy a memory ccache on reinit >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Günther Deschner <gd@samba.org> >Reviewed-by: Uri Simchoni <uri@samba.org> >(cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113) >--- > source4/heimdal/lib/krb5/mcache.c | 52 ++++++++++++++++++++++++++------------- > 1 file changed, 35 insertions(+), 17 deletions(-) > >diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c >index e4b90c1..dc79b87 100644 >--- a/source4/heimdal/lib/krb5/mcache.c >+++ b/source4/heimdal/lib/krb5/mcache.c >@@ -155,13 +155,47 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) > return 0; > } > >+static void KRB5_CALLCONV >+mcc_destroy_internal(krb5_context context, >+ krb5_mcache *m) >+{ >+ struct link *l; >+ >+ if (m->primary_principal != NULL) { >+ krb5_free_principal (context, m->primary_principal); >+ m->primary_principal = NULL; >+ } >+ m->dead = 1; >+ >+ l = m->creds; >+ while (l != NULL) { >+ struct link *old; >+ >+ krb5_free_cred_contents (context, &l->cred); >+ old = l; >+ l = l->next; >+ free (old); >+ } >+ >+ m->creds = NULL; >+ return; >+} >+ > static krb5_error_code KRB5_CALLCONV > mcc_initialize(krb5_context context, > krb5_ccache id, > krb5_principal primary_principal) > { > krb5_mcache *m = MCACHE(id); >+ /* >+ * It's important to destroy any existing >+ * creds here, that matches the baheviour >+ * of all other backends and also the >+ * MEMORY: backend in MIT. >+ */ >+ mcc_destroy_internal(context, m); > m->dead = 0; >+ m->kdc_offset = 0; > m->mtime = time(NULL); > return krb5_copy_principal (context, > primary_principal, >@@ -195,7 +229,6 @@ mcc_destroy(krb5_context context, > krb5_ccache id) > { > krb5_mcache **n, *m = MCACHE(id); >- struct link *l; > > if (m->refcnt == 0) > krb5_abortx(context, "mcc_destroy: refcnt already 0"); >@@ -211,22 +244,7 @@ mcc_destroy(krb5_context context, > } > } > HEIMDAL_MUTEX_unlock(&mcc_mutex); >- if (m->primary_principal != NULL) { >- krb5_free_principal (context, m->primary_principal); >- m->primary_principal = NULL; >- } >- m->dead = 1; >- >- l = m->creds; >- while (l != NULL) { >- struct link *old; >- >- krb5_free_cred_contents (context, &l->cred); >- old = l; >- l = l->next; >- free (old); >- } >- m->creds = NULL; >+ mcc_destroy_internal(context, m); > } > return 0; > } >-- >1.9.1 > > >From 5484f6cb0d812d11234347f592dff1a15ef5ef50 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 10 Oct 2016 17:07:12 +0200 >Subject: [PATCH 2/3] s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor > set "KRB5CCNAME" >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Günther Deschner <gd@samba.org> >Reviewed-by: Uri Simchoni <uri@samba.org> >(cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd) >--- > source3/libads/sasl.c | 5 ----- > 1 file changed, 5 deletions(-) > >diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c >index 85a2eb0..4e4486f 100644 >--- a/source3/libads/sasl.c >+++ b/source3/libads/sasl.c >@@ -1027,7 +1027,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) > { > ADS_STATUS status; > struct ads_service_principal p; >- const char *ccache_name = "MEMORY:ads_sasl_gssapi_do_bind"; > > status = ads_generate_service_principal(ads, &p); > if (!ADS_ERR_OK(status)) { >@@ -1046,10 +1045,6 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads) > "calling kinit\n", ads_errstr(status))); > } > >- if (ads->auth.ccache_name != NULL) { >- ccache_name = ads->auth.ccache_name; >- } >- setenv(KRB5_ENV_CCNAME, ccache_name, 1); > status = ADS_ERROR_KRB5(ads_kinit_password(ads)); > > if (ADS_ERR_OK(status)) { >-- >1.9.1 > > >From 012e763219f42071ced497fcc0ecd387789efd4f Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 10 Oct 2016 17:07:12 +0200 >Subject: [PATCH 3/3] s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set > "KRB5CCNAME" >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Günther Deschner <gd@samba.org> >Reviewed-by: Uri Simchoni <uri@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144 > >(cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca) >--- > source3/libads/sasl.c | 6 ------ > 1 file changed, 6 deletions(-) > >diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c >index 4e4486f..39c60c3 100644 >--- a/source3/libads/sasl.c >+++ b/source3/libads/sasl.c >@@ -749,11 +749,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) > if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) && > got_kerberos_mechanism) > { >- const char *ccache_name = "MEMORY:ads_sasl_spnego_bind"; >- if (ads->auth.ccache_name != NULL) { >- ccache_name = ads->auth.ccache_name; >- } >- > if (ads->auth.password == NULL || > ads->auth.password[0] == '\0') > { >@@ -771,7 +766,6 @@ static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) > "calling kinit\n", ads_errstr(status))); > } > >- setenv(KRB5_ENV_CCNAME, ccache_name, 1); > status = ADS_ERROR_KRB5(ads_kinit_password(ads)); > > if (ADS_ERR_OK(status)) { >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=12566">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
metze
:
review?
(
gd
)
Actions:
View
Attachments on
bug 12369
:
12555
|
12560
|
12565
| 12566 |
12567