The Samba-Bugzilla – Attachment 13036 Details for
Bug 12611
credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
addition patch for 4.6
samba-v4.6-credentials-fix-realm.patch (text/plain), 1.76 KB, created by
Alexander Bokovoy
on 2017-03-10 17:19:46 UTC
(
hide
)
Description:
addition patch for 4.6
Filename:
MIME Type:
Creator:
Alexander Bokovoy
Created:
2017-03-10 17:19:46 UTC
Size:
1.76 KB
patch
obsolete
>commit 4dc389c6ae95b7bd34e762b5362c8a79fbda7c7c >Author: Andreas Schneider <asn@samba.org> >Date: Wed Dec 21 22:17:22 2016 +0100 > > auth/credentials: Always set the the realm if we set the principal from the ccache > > This fixes a bug in gensec_gssapi_client_start() where an invalid realm > is used to get a Kerberos ticket. > > Signed-off-by: Andreas Schneider <asn@samba.org> > Reviewed-by: Stefan Metzmacher <metze@samba.org> > (cherry picked from commit 30c07065300281e3a67197fe39ed928346480ff7) > >diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c >index 0e68012..1912c48 100644 >--- a/auth/credentials/credentials_krb5.c >+++ b/auth/credentials/credentials_krb5.c >@@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, > enum credentials_obtained obtained, > const char **error_string) > { >- >+ bool ok; >+ char *realm; > krb5_principal princ; > krb5_error_code ret; > char *name; >@@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, > return ret; > } > >- cli_credentials_set_principal(cred, name, obtained); >- >+ ok = cli_credentials_set_principal(cred, name, obtained); >+ if (!ok) { >+ krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); >+ return ENOMEM; >+ } > free(name); > >+ realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context, >+ princ); > krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); >+ if (realm == NULL) { >+ return ENOMEM; >+ } >+ ok = cli_credentials_set_realm(cred, realm, obtained); >+ SAFE_FREE(realm); >+ if (!ok) { >+ return ENOMEM; >+ } > > /* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */ > cred->ccache_obtained = obtained;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 12611
:
13008
|
13032
|
13033
|
13036
|
13055