The Samba-Bugzilla – Attachment 17133 Details for
Bug 14960
SDB uses HDB flags directly which can lead to unwanted side effects
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.16
v4-16-fix-sdb.patch (text/plain), 4.05 KB, created by
Andreas Schneider
on 2022-01-28 16:21:00 UTC
(
hide
)
Description:
patch for 4.16
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2022-01-28 16:21:00 UTC
Size:
4.05 KB
patch
obsolete
>From da258b47e6985a3ae45307305c3d4876444f525c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 26 Jan 2022 08:39:50 +0100 >Subject: [PATCH 1/3] s4:kdc: Add a HDB to SDB mask > >For most flags the mapping is 1 to 1, but it's not always >the case anymore. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 63e00f81b5dd05b50e6ac286e87b8637a4ecd7e0) >--- > source4/kdc/sdb.h | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h >index 19d9b920278..cf7060bd169 100644 >--- a/source4/kdc/sdb.h >+++ b/source4/kdc/sdb.h >@@ -116,6 +116,18 @@ struct sdb_entry_ex { > #define SDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */ > #define SDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */ > #define SDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */ >+ >+#define SDB_F_HDB_MASK (SDB_F_DECRYPT | \ >+ SDB_F_GET_CLIENT| \ >+ SDB_F_GET_SERVER | \ >+ SDB_F_GET_KRBTGT | \ >+ SDB_F_CANON | \ >+ SDB_F_ADMIN_DATA | \ >+ SDB_F_KVNO_SPECIFIED | \ >+ SDB_F_FOR_AS_REQ | \ >+ SDB_F_FOR_TGS_REQ) >+ >+/* This is not supported by HDB */ > #define SDB_F_FORCE_CANON 16384 /* force canonicalition */ > > void sdb_free_entry(struct sdb_entry_ex *e); >-- >2.34.1 > > >From 4554429d593b0496cbc995a1551cc3208f5f7945 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 26 Jan 2022 08:43:41 +0100 >Subject: [PATCH 2/3] s4:kdc: Remove trailing spaces in hdb-samba4.c > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 2a0d6c11330c40f5692dc07ed6482c7107035bd4) >--- > source4/kdc/hdb-samba4.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > >diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c >index c0ec4bd3cd8..7477c0f9c11 100644 >--- a/source4/kdc/hdb-samba4.c >+++ b/source4/kdc/hdb-samba4.c >@@ -486,12 +486,12 @@ static void send_bad_password_netlogon(TALLOC_CTX *mem_ctx, > > req.in.validation_level = 3; > >- /* >+ /* > * The memory in identity_info and user_info only needs to be > * valid until the end of this function call, as it will be >- * pushed to NDR during this call >+ * pushed to NDR during this call > */ >- >+ > dcerpc_winbind_SamLogon_r_send(mem_ctx, kdc_db_ctx->ev_ctx, > irpc_handle, &req); > } >-- >2.34.1 > > >From 91805e29af0bb1fa33bef398d623d3e70893fd99 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 26 Jan 2022 08:44:13 +0100 >Subject: [PATCH 3/3] s4:kdc: Translate HDB flags to SDB flags > >We used to have a 1 to 1 mapping, but now we have >a conflict with these: > > #define SDB_F_FORCE_CANON 16384 > #define HDB_F_PRECHECK 16384 > >We currently don't really care about HDB_F_PRECHECK, >so we can just filter it out. > >In the long run we may change the SDB flags space to uint64... > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14960 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 6063e8016fccbefd1c3fe378e3807c77bc04e4ec) >--- > source4/kdc/hdb-samba4.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > >diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c >index 7477c0f9c11..71260d3ed0a 100644 >--- a/source4/kdc/hdb-samba4.c >+++ b/source4/kdc/hdb-samba4.c >@@ -223,6 +223,8 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db, > struct samba_kdc_db_context *kdc_db_ctx; > struct sdb_entry_ex sdb_entry_ex = {}; > krb5_error_code code, ret; >+ uint32_t sflags; >+ > kdc_db_ctx = talloc_get_type_abort(db->hdb_db, > struct samba_kdc_db_context); > >@@ -232,10 +234,12 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db, > entry_ex); > } > >+ sflags = (flags & SDB_F_HDB_MASK); >+ > ret = samba_kdc_fetch(context, > kdc_db_ctx, > principal, >- flags, >+ sflags, > kvno, > &sdb_entry_ex); > switch (ret) { >-- >2.34.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 14960
: 17133