The Samba-Bugzilla – Attachment 13055 Details for
Bug 12611
credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
new additional patch for 4.6
samba-v4.6-credentials-fix-realm-1.patch (text/plain), 1.89 KB, created by
Alexander Bokovoy
on 2017-03-14 11:06:30 UTC
(
hide
)
Description:
new additional patch for 4.6
Filename:
MIME Type:
Creator:
Alexander Bokovoy
Created:
2017-03-14 11:06:30 UTC
Size:
1.89 KB
patch
obsolete
>From c80cbf2f2cca3f32d4e3fd4df9eb6aa0f216f25a Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 21 Dec 2016 22:17:22 +0100 >Subject: [PATCH] auth/credentials: Always set the the realm if we set the > principal from the ccache > >This fixes a bug in gensec_gssapi_client_start() where an invalid realm >is used to get a Kerberos ticket. > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 30c07065300281e3a67197fe39ed928346480ff7) >--- > auth/credentials/credentials_krb5.c | 20 +++++++++++++++++--- > 1 file changed, 17 insertions(+), 3 deletions(-) > >diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c >index 0e68012..1912c48 100644 >--- a/auth/credentials/credentials_krb5.c >+++ b/auth/credentials/credentials_krb5.c >@@ -107,7 +107,8 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, > enum credentials_obtained obtained, > const char **error_string) > { >- >+ bool ok; >+ char *realm; > krb5_principal princ; > krb5_error_code ret; > char *name; >@@ -134,11 +135,24 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, > return ret; > } > >- cli_credentials_set_principal(cred, name, obtained); >- >+ ok = cli_credentials_set_principal(cred, name, obtained); >+ if (!ok) { >+ krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); >+ return ENOMEM; >+ } > free(name); > >+ realm = smb_krb5_principal_get_realm(ccache->smb_krb5_context->krb5_context, >+ princ); > krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); >+ if (realm == NULL) { >+ return ENOMEM; >+ } >+ ok = cli_credentials_set_realm(cred, realm, obtained); >+ SAFE_FREE(realm); >+ if (!ok) { >+ return ENOMEM; >+ } > > /* set the ccache_obtained here, as it just got set to UNINITIALISED by the calls above */ > cred->ccache_obtained = obtained; >-- >2.9.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=13055">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 12611
:
13008
|
13032
|
13033
|
13036
| 13055