The Samba-Bugzilla – Attachment 12699 Details for
Bug 10882
samba_upgradedns with BIND9_DLZ doesn't recreate dns-hostname account
[patch]
backport saltPrincipal fix for 4.5
dns-4-5-2.patches (text/plain), 4.71 KB, created by
Garming Sam
on 2016-11-29 01:59:26 UTC
>From ed2a1f18d8d57e8d11945d0f9da53165c7f519bb Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Wed, 7 Sep 2016 12:18:29 +1200 >Subject: [PATCH 1/2] s4-auth: Don't check for NULL saltPrincipal if it doesn't > need it > >This check causes 4.1 domains to be unable to change their DNS backend >correctly as they do not have the saltPrincipal value stored. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=10882 >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit b02da114980d46e9e251a5d3dfbf549ef348548a) >--- > source4/auth/kerberos/srv_keytab.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > >diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c >index 6e02b81..6f0073c 100644 >--- a/source4/auth/kerberos/srv_keytab.c >+++ b/source4/auth/kerberos/srv_keytab.c >@@ -218,12 +218,6 @@ krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, > return ENOENT; > } > >- if (saltPrincipal == NULL) { >- *perror_string = talloc_strdup(parent_ctx, >- "No saltPrincipal provided"); >- return EINVAL; >- } >- > ret = krb5_kt_resolve(context, keytab_name, &keytab); > if (ret) { > *perror_string = smb_get_krb5_error_message(context, >@@ -283,6 +277,12 @@ krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, > /* Create a new keytab. If during the cleanout we found > * entires for kvno -1, then don't try and duplicate them. > * Otherwise, add kvno, and kvno -1 */ >+ if (saltPrincipal == NULL) { >+ *perror_string = talloc_strdup(parent_ctx, >+ "No saltPrincipal provided"); >+ ret = EINVAL; >+ goto done; >+ } > > ret = create_keytab(tmp_ctx, > samAccountName, upper_realm, saltPrincipal, >-- >1.9.1 > > >From 67fd9762ee39a08306ce69d2c84f0ba0f5041f91 Mon Sep 17 00:00:00 2001 
>From: Garming Sam <garming@catalyst.net.nz> >Date: Thu, 15 Sep 2016 16:04:12 +1200 >Subject: [PATCH 2/2] doc: Add doxygen for functions in srv_keytab.c > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=10882 >(cherry picked from commit 683fcad3ca1617a07e9ade82ec7e44ac512ab415) >--- > source4/auth/kerberos/srv_keytab.c | 47 ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 47 insertions(+) > >diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c >index 6f0073c..d08721b 100644 >--- a/source4/auth/kerberos/srv_keytab.c >+++ b/source4/auth/kerberos/srv_keytab.c >@@ -20,6 +20,12 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >+/** >+ * @file srv_keytab.c >+ * >+ * @brief Kerberos keytab utility functions >+ * >+ */ > > #include "includes.h" > #include "system/kerberos.h" 
>@@ -189,6 +195,31 @@ done: > return ret; > } > >+/** >+ * @brief Update a Kerberos keytab and removes any obsolete keytab entries. >+ * >+ * If the keytab does not exist, this function will create one. >+ * >+ * @param[in] parent_ctx Talloc memory context >+ * @param[in] context Kerberos context >+ * @param[in] keytab_name Keytab to open >+ * @param[in] samAccountName User account to update >+ * @param[in] realm Kerberos realm >+ * @param[in] SPNs Service principal names to update >+ * @param[in] num_SPNs Length of SPNs >+ * @param[in] saltPrincipal Salt used for AES encryption. >+ * Required, unless delete_all_kvno is set. >+ * @param[in] old_secret Old password >+ * @param[in] new_secret New password >+ * @param[in] kvno Current key version number >+ * @param[in] supp_enctypes msDS-SupportedEncryptionTypes bit-field >+ * @param[in] delete_all_kvno Removes all obsolete entries, without >+ * recreating the keytab. >+ * @param[out] _keytab If supplied, returns the keytab >+ * @param[out] perror_string Error string on failure >+ * >+ * @return 0 on success, errno on failure >+ */ > krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, > krb5_context context, > const char *keytab_name, 
>@@ -312,6 +343,22 @@ done: > return ret; > } > >+/** >+ * @brief Wrapper around smb_krb5_update_keytab() for creating an in-memory keytab >+ * >+ * @param[in] parent_ctx Talloc memory context >+ * @param[in] context Kerberos context >+ * @param[in] new_secret New password >+ * @param[in] samAccountName User account to update >+ * @param[in] realm Kerberos realm >+ * @param[in] salt_principal Salt used for AES encryption. >+ * Required, unless delete_all_kvno is set. >+ * @param[in] kvno Current key version number >+ * @param[out] keytab If supplied, returns the keytab >+ * @param[out] keytab_name Returns the created keytab name >+ * >+ * @return 0 on success, errno on failure >+ */ > krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, > krb5_context context, > const char *new_secret, >-- >1.9.1 >
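Review bot: In patch 1/2, hunk @@ -218,12 +218,6, dropping the early `saltPrincipal == NULL` return lets a NULL value travel through krb5_kt_resolve and everything else up to the relocated check, and the diffstat lists only srv_keytab.c, so nothing in this series exercises that path. Please add a test that calls smb_krb5_update_keytab with a NULL saltPrincipal on the path where it is meant to be accepted (patch 2/2 documents this as "unless delete_all_kvno is set"), so the check is not moved back to the top of the function later.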
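Review bot: In patch 1/2, hunk @@ -283,6 +277,12, the relocated NULL check sits directly under the "Create a new keytab..." comment, so the comment now reads as if it describes the check rather than the create_keytab call, and the blank line that separated the comment from the call ends up after the check. Move the check above that comment and give it its own one-line comment saying that saltPrincipal is only needed from this point on. Switching from a bare `return EINVAL;` to `ret = EINVAL; goto done;` is the right form here, since the keytab has already been resolved by this point.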
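Review bot: In patch 2/2, hunk @@ -189,6 +195,31, `@return 0 on success, errno on failure` is narrower than what the function does: it is declared krb5_error_code, and patch 1/2 shows it storing the result of krb5_kt_resolve in ret and building an error string from it, so the documentation should say that Kerberos error codes can come back as well as ENOENT and EINVAL. Two smaller points in the same block: the brief mixes "Update" with "removes", and saltPrincipal is described as "Salt used for AES encryption" although the parameter name says it is the principal, not the salt value itself.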
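Review bot: In patch 2/2, hunk @@ -312,6 +343,22, the salt_principal description "Required, unless delete_all_kvno is set" looks copied from smb_krb5_update_keytab; the parameter list documented for smb_krb5_create_memory_keytab has no delete_all_kvno, so a caller cannot tell from this text whether NULL is ever acceptable here. Say explicitly whether this wrapper requires salt_principal, and drop the reference to a flag the caller cannot set.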
Flags:
abartlet
:
review+