Attachment 15532 Details for Bug 14155 – patch for 4.11

[patch] patch for 4.11

v4.11.patch (text/plain), 3.50 KB, created by Andreas Schneider on 2019-10-14 08:15:43 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Schneider

Created: 2019-10-14 08:15:43 UTC

Size: 3.50 KB

patch

obsolete

>From 3a37579b0dc95830d8fa7d596eec17d720940998 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 Oct 2019 20:11:03 +0200
>Subject: [PATCH 1/2] lib:krb5_wrap: Do not create a temporary file for MEMORY
> keytabs
>
>The autobuild cleanup script fails with:
>
>The tree has 3 new uncommitted files!!!
>git clean -n
>Would remove MEMORY:tmp_smb_creds_SK98Lv
>Would remove MEMORY:tmp_smb_creds_kornU6
>Would remove MEMORY:tmp_smb_creds_ljR828
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit d888655244b4d8ec7a69a042e0ff3c074585b0de)
>---
> lib/krb5_wrap/krb5_samba.c | 19 ++++++++-----------
> 1 file changed, 8 insertions(+), 11 deletions(-)
>
>diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
>index a4e73c64f00..5aceae44eec 100644
>--- a/lib/krb5_wrap/krb5_samba.c
>+++ b/lib/krb5_wrap/krb5_samba.c
>@@ -2002,26 +2002,23 @@ krb5_error_code smb_krb5_kinit_keyblock_ccache(krb5_context ctx,
> 					    krb_options);
> #elif defined(HAVE_KRB5_GET_INIT_CREDS_KEYTAB)
> {
>-#define SMB_CREDS_KEYTAB "MEMORY:tmp_smb_creds_XXXXXX"
>-	char tmp_name[sizeof(SMB_CREDS_KEYTAB)];
>+#define SMB_CREDS_KEYTAB "MEMORY:tmp_kinit_keyblock_ccache"
>+	char tmp_name[64] = {0};
> 	krb5_keytab_entry entry;
> 	krb5_keytab keytab;
>-	int tmpfd;
>-	mode_t mask;
>+	int rc;
> 
> 	memset(&entry, 0, sizeof(entry));
> 	entry.principal = principal;
> 	*(KRB5_KT_KEY(&entry)) = *keyblock;
> 
>-	memcpy(tmp_name, SMB_CREDS_KEYTAB, sizeof(SMB_CREDS_KEYTAB));
>-	mask = umask(S_IRWXO | S_IRWXG);
>-	tmpfd = mkstemp(tmp_name);
>-	umask(mask);
>-	if (tmpfd == -1) {
>-		DBG_ERR("Failed to mkstemp %s\n", tmp_name);
>+	rc = snprintf(tmp_name, sizeof(tmp_name),
>+		      "%s-%p",
>+		      SMB_CREDS_KEYTAB,
>+		      &my_creds);
>+	if (rc < 0) {
> 		return KRB5_KT_BADNAME;
> 	}
>-	close(tmpfd);
> 	code = krb5_kt_resolve(ctx, tmp_name, &keytab);
> 	if (code) {
> 		return code;
>-- 
>2.23.0
>
>
>From 2d17adb1d8ca727258ae79c8bfa69c7f5b0c5560 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 Oct 2019 16:32:47 +0200
>Subject: [PATCH 2/2] s3:libads: Do not turn on canonicalization flag for MIT
> Kerberos
>
>This partially reverts 303b7e59a286896888ee2473995fc50bb2b5ce5e.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155
>
>Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Signed-off-by: Isaac Boukris <iboukris@redhat.com>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(cherry picked from commit 123584294cfd153acc2d9a5be9d71c395c847a25)
>---
> source3/libads/krb5_setpw.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
>diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
>index 67bc2f4640d..028b0dcfa65 100644
>--- a/source3/libads/krb5_setpw.c
>+++ b/source3/libads/krb5_setpw.c
>@@ -207,7 +207,22 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
> 	krb5_get_init_creds_opt_set_win2k(context, opts, true);
> 	krb5_get_init_creds_opt_set_canonicalize(context, opts, true);
> #else /* MIT */
>+#if 0
>+	/*
>+	 * FIXME
>+	 *
>+	 * Due to an upstream MIT Kerberos bug, this feature is not
>+	 * not working. Affection versions (2019-10-09): <= 1.17
>+	 *
>+	 * Reproducer:
>+	 * kinit -C aDmInIsTrAtOr@ACME.COM -S kadmin/changepw@ACME.COM
>+	 *
>+	 * This is NOT a problem if the service is a krbtgt.
>+	 *
>+	 * https://bugzilla.samba.org/show_bug.cgi?id=14155
>+	 */
> 	krb5_get_init_creds_opt_set_canonicalize(opts, true);
>+#endif
> #endif /* MIT */
> 
>     /* note that heimdal will fill in the local addresses if the addresses
>-- 
>2.23.0
>

Flags:

metze: review+

Actions: View

Attachments on bug 14155: 15532 | 15533 | 15534