The Samba-Bugzilla – Attachment 17217 Details for
Bug 15016
Regression: create krb5 conf = yes doesn't work with a single KDC
[patch]
patch for 4.15
samba-4-15-fix-create-local-krb5-conf.patch (text/plain), 14.82 KB, created by
Andreas Schneider
on 2022-03-16 14:50:33 UTC
Description:
patch for 4.15
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2022-03-16 14:50:33 UTC
Size:
14.82 KB
>From 1c2a59f017e7c734906704a3417636200a242394 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 16:53:02 +0100
>Subject: [PATCH 1/9] testprogs: Add test that local krb5.conf has been created
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f)
>---
> testprogs/blackbox/test_net_ads.sh | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh
>index 76b394b10a9..cfafb945b62 100755
>--- a/testprogs/blackbox/test_net_ads.sh
>+++ b/testprogs/blackbox/test_net_ads.sh
>@@ -51,6 +51,12 @@ fi
>
> testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1`
>
>+workgroup=$(awk '/workgroup =/ { print $NR }' "${BASEDIR}/${WORKDIR}/client.conf")
>+testit "local krb5.conf created" \
>+ test -r \
>+ "${BASEDIR}/${WORKDIR}/lockdir/smb_krb5/krb5.conf.${workgroup}" ||
>+ failed=$((failed + 1))
>+
> testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1`
>
> netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1')
>--
>2.35.1
>
>
>From 699ad26aaf93f09e2a8ab2a0a8e96a2b6bc9642f Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 12:03:40 +0100
>Subject: [PATCH 2/9] s3:libads: Remove trailing spaces in kerberos.c
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 567b1996796e5d3cf572653f38817d832fa135ca)
>---
> source3/libads/kerberos.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
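Review bot: `print $NR` in the added `workgroup=$(awk ...)` line of the `@@ -51,6 +51,12` hunk prints the field whose index equals the current line number, so it only yields the workgroup name when the `workgroup =` entry happens to sit on the matching line of client.conf (line 3 for `workgroup = NAME`). If the layout of that file changes, `${workgroup}` becomes empty or wrong and the test checks a `krb5.conf.` path that is not the file the join actually wrote. `$NF` (last field) is presumably what was meant: `workgroup=$(awk '/workgroup =/ { print $NF }' "${BASEDIR}/${WORKDIR}/client.conf")`.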
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 75beeef4a44..60fe03fd5d7 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -1,4 +1,4 @@
>-/*
>+/*
> Unix SMB/CIFS implementation.
> kerberos utility library
> Copyright (C) Andrew Tridgell 2001
>@@ -37,11 +37,11 @@
> #define LIBADS_CCACHE_NAME "MEMORY:libads"
>
> /*
>- we use a prompter to avoid a crash bug in the kerberos libs when
>+ we use a prompter to avoid a crash bug in the kerberos libs when
> dealing with empty passwords
> this prompter is just a string copy ...
> */
>-static krb5_error_code
>+static krb5_error_code
> kerb_prompter(krb5_context ctx, void *data,
> const char *name,
> const char *banner,
>@@ -192,7 +192,7 @@ int kerberos_kinit_password_ext(const char *given_principal,
> krb5_get_init_creds_opt_set_address_list(opt, addr->addrs);
> }
>
>- if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password),
>+ if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password),
> kerb_prompter, discard_const_p(char, password),
> 0, NULL, opt))) {
> goto out;
>@@ -299,7 +299,7 @@ int ads_kdestroy(const char *cc_name)
> }
>
> if ((code = krb5_cc_destroy (ctx, cc))) {
>- DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
>+ DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
> error_message(code)));
> }
>
>@@ -348,10 +348,10 @@ int kerberos_kinit_password(const char *principal,
> int time_offset,
> const char *cache_name)
> {
>- return kerberos_kinit_password_ext(principal,
>- password,
>- time_offset,
>- 0,
>+ return kerberos_kinit_password_ext(principal,
>+ password,
>+ time_offset,
>+ 0,
> 0,
> cache_name,
> False,
>--
>2.35.1
>
>
>From 7f08cc68a7beaee3d36373f91948f90fca1a742c Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 12:04:34 +0100
>Subject: [PATCH 3/9] s3:libads: Leave early on error in get_kdc_ip_string()
>
>This avoids useless allocations.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 313f03c78487ae49747b8143220ecbfe8ad9310a)
>---
> source3/libads/kerberos.c | 17 +++++++++++------
> 1 file changed, 11 insertions(+), 6 deletions(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 60fe03fd5d7..1bf149ef09b 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -434,9 +434,14 @@ static char *get_kdc_ip_string(char *mem_ctx,
> struct netlogon_samlogon_response **responses = NULL;
> NTSTATUS status;
> bool ok;
>- char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "",
>- print_canonical_sockaddr_with_port(mem_ctx, pss));
>+ char *kdc_str = NULL;
>
>+ SMB_ASSERT(pss != NULL);
>+
>+ kdc_str = talloc_asprintf(mem_ctx,
>+ "\t\tkdc = %s\n",
>+ print_canonical_sockaddr_with_port(mem_ctx,
>+ pss));
> if (kdc_str == NULL) {
> TALLOC_FREE(frame);
> return NULL;
>@@ -516,15 +521,15 @@ static char *get_kdc_ip_string(char *mem_ctx,
> }
> }
>
>- dc_addrs2 = talloc_zero_array(talloc_tos(),
>- struct tsocket_address *,
>- num_dcs);
>-
> DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
> if (num_dcs == 0) {
> TALLOC_FREE(kdc_str);
> goto out;
> }
>+
>+ dc_addrs2 = talloc_zero_array(talloc_tos(),
>+ struct tsocket_address *,
>+ num_dcs);
> if (dc_addrs2 == NULL) {
> TALLOC_FREE(kdc_str);
> goto out;
>--
>2.35.1
>
>
>From c28ef12867a01ad9bf449db3ad7ab788a660a3e5 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 12:10:47 +0100
>Subject: [PATCH 4/9] s3:libads: Improve debug messages for get_kdc_ip_string()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26)
>---
> source3/libads/kerberos.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 1bf149ef09b..6a46d72a156 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -590,7 +590,11 @@ static char *get_kdc_ip_string(char *mem_ctx,
>
> result = kdc_str;
> out:
>- DBG_DEBUG("Returning\n%s\n", kdc_str);
>+ if (result != NULL) {
>+ DBG_DEBUG("Returning\n%s\n", kdc_str);
>+ } else {
>+ DBG_NOTICE("Failed to get KDC ip address\n");
>+ }
>
> TALLOC_FREE(ip_sa_site);
> TALLOC_FREE(ip_sa_nonsite);
>--
>2.35.1
>
>
>From a6361aa5d4a6b0bf269f807cf172f350216d90b8 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 12:48:23 +0100
>Subject: [PATCH 5/9] s3:libads: Use talloc_asprintf_append() in
> get_kdc_ip_string()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 812032833aa65729dbbfd4313a6e3fe072c88530)
>---
> source3/libads/kerberos.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 6a46d72a156..d1c410ffa4b 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -578,10 +578,11 @@ static char *get_kdc_ip_string(char *mem_ctx,
> }
>
> /* Append to the string - inefficient but not done often. */
>- new_kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n",
>- kdc_str,
>- print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
>- TALLOC_FREE(kdc_str);
>+ new_kdc_str = talloc_asprintf_append(
>+ kdc_str,
>+ "\t\tkdc = %s\n",
>+ print_canonical_sockaddr_with_port(
>+ mem_ctx, &dc_addrs[i]));
> if (new_kdc_str == NULL) {
> goto out;
> }
>--
>2.35.1
>
>
>From fe11da739cd750b4058e033d701cc9568e750d32 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 12:56:58 +0100
>Subject: [PATCH 6/9] s3:libads: Allocate all memory on the talloc stackframe
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 652c8ce1672dfead00c7af6af22e3bb3927764ec)
>---
> source3/libads/kerberos.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index d1c410ffa4b..aadc65a3edc 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -438,7 +438,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
>
> SMB_ASSERT(pss != NULL);
>
>- kdc_str = talloc_asprintf(mem_ctx,
>+ kdc_str = talloc_asprintf(frame,
> "\t\tkdc = %s\n",
> print_canonical_sockaddr_with_port(mem_ctx,
> pss));
>@@ -459,7 +459,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
> */
>
> if (sitename) {
>- status = get_kdc_list(talloc_tos(),
>+ status = get_kdc_list(frame,
> realm,
> sitename,
> &ip_sa_site,
>@@ -477,7 +477,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
>
> /* Get all KDC's. */
>
>- status = get_kdc_list(talloc_tos(),
>+ status = get_kdc_list(frame,
> realm,
> NULL,
> &ip_sa_nonsite,
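Review bot: The `print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i])` argument in the `@@ -578,10 +578,11` hunk is handed straight to `%s` without a NULL check and is allocated on the caller's `mem_ctx`, so every loop iteration leaves a temporary string on the long-lived context and an allocation failure would feed NULL to the formatter that builds the `kdc =` lines for krb5.conf. Patch 8/9 fixes exactly this for the `pss` entry but, as far as the visible hunks show, leaves the loop call unchanged. I would allocate on the stackframe and check the result with a new local, `addr_str = print_canonical_sockaddr_with_port(frame, &dc_addrs[i]);` followed by `if (addr_str == NULL) { goto out; }`, and then pass `addr_str` to `talloc_asprintf_append()`. The loop and the function body start and end outside this hunk.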
>@@ -589,7 +589,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
> kdc_str = new_kdc_str;
> }
>
>- result = kdc_str;
>+ result = talloc_move(mem_ctx, &kdc_str);
> out:
> if (result != NULL) {
> DBG_DEBUG("Returning\n%s\n", kdc_str);
>@@ -597,8 +597,6 @@ out:
> DBG_NOTICE("Failed to get KDC ip address\n");
> }
>
>- TALLOC_FREE(ip_sa_site);
>- TALLOC_FREE(ip_sa_nonsite);
> TALLOC_FREE(frame);
> return result;
> }
>--
>2.35.1
>
>
>From b0727e752b21bfe18f80417d889b12bdd09dee4d Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 12:57:18 +0100
>Subject: [PATCH 7/9] s3:libads: Remove obsolete free's of kdc_str
>
>This is allocated on the stackframe now!
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit cca189d0934790418e27d9d01282370b1e6a057f)
>---
> source3/libads/kerberos.c | 12 +-----------
> 1 file changed, 1 insertion(+), 11 deletions(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index aadc65a3edc..2087dc1e6f9 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -443,13 +443,11 @@ static char *get_kdc_ip_string(char *mem_ctx,
> print_canonical_sockaddr_with_port(mem_ctx,
> pss));
> if (kdc_str == NULL) {
>- TALLOC_FREE(frame);
>- return NULL;
>+ goto out;
> }
>
> ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
> if (!ok) {
>- TALLOC_FREE(kdc_str);
> goto out;
> }
>
>@@ -467,7 +465,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> if (!NT_STATUS_IS_OK(status)) {
> DBG_ERR("get_kdc_list fail %s\n",
> nt_errstr(status));
>- TALLOC_FREE(kdc_str);
> goto out;
> }
> DBG_DEBUG("got %zu addresses from site %s search\n",
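Review bot: After `result = talloc_move(mem_ctx, &kdc_str);` in the `@@ -589,7 +589,7` hunk of patch 6/9, `kdc_str` is NULL, because talloc_move() clears the source pointer, yet the success branch directly below still logs it with `DBG_DEBUG("Returning\n%s\n", kdc_str);`. The debug line therefore never shows the KDC list that ends up in the generated krb5.conf, and passing NULL to `%s` is undefined behaviour in C. Log the returned pointer instead: `DBG_DEBUG("Returning\n%s\n", result);`. The early exit added in patch 9/9 (`@@ -522,6 +522,11`) jumps to the same `out:` label and has the same problem.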
>@@ -485,7 +482,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> if (!NT_STATUS_IS_OK(status)) {
> DBG_ERR("get_kdc_list (site-less) fail %s\n",
> nt_errstr(status));
>- TALLOC_FREE(kdc_str);
> goto out;
> }
> DBG_DEBUG("got %zu addresses from site-less search\n", count_nonsite);
>@@ -493,7 +489,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> if (count_site + count_nonsite < count_site) {
> /* Wrap check. */
> DBG_ERR("get_kdc_list_talloc (site-less) fail wrap error\n");
>- TALLOC_FREE(kdc_str);
> goto out;
> }
>
>@@ -501,7 +496,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> dc_addrs = talloc_array(talloc_tos(), struct sockaddr_storage,
> count_site + count_nonsite);
> if (dc_addrs == NULL) {
>- TALLOC_FREE(kdc_str);
> goto out;
> }
>
>@@ -523,7 +517,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
>
> DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
> if (num_dcs == 0) {
>- TALLOC_FREE(kdc_str);
> goto out;
> }
>
>@@ -531,7 +524,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> struct tsocket_address *,
> num_dcs);
> if (dc_addrs2 == NULL) {
>- TALLOC_FREE(kdc_str);
> goto out;
> }
>
>@@ -548,7 +540,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> status = map_nt_error_from_unix(errno);
> DEBUG(2,("Failed to create tsocket_address for %s - %s\n",
> addr, nt_errstr(status)));
>- TALLOC_FREE(kdc_str);
> goto out;
> }
> }
>@@ -566,7 +557,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
> if (!NT_STATUS_IS_OK(status)) {
> DEBUG(10,("get_kdc_ip_string: cldap_multi_netlogon failed: "
> "%s\n", nt_errstr(status)));
>- TALLOC_FREE(kdc_str);
> goto out;
> }
>
>--
>2.35.1
>
>
>From a1293fcf6fa15d8f6bc7b6f7feff91bc6f782368 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 13:02:05 +0100
>Subject: [PATCH 8/9] s3:libads: Check print_canonical_sockaddr_with_port() for
> NULL in get_kdc_ip_string()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 12c843ad0a97fcbaaea738b82941533e5d2aec99)
>---
> source3/libads/kerberos.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 2087dc1e6f9..20dceeefb22 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -435,13 +435,18 @@ static char *get_kdc_ip_string(char *mem_ctx,
> NTSTATUS status;
> bool ok;
> char *kdc_str = NULL;
>+ char *canon_sockaddr = NULL;
>
> SMB_ASSERT(pss != NULL);
>
>+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
>+ if (canon_sockaddr == NULL) {
>+ goto out;
>+ }
>+
> kdc_str = talloc_asprintf(frame,
> "\t\tkdc = %s\n",
>- print_canonical_sockaddr_with_port(mem_ctx,
>- pss));
>+ canon_sockaddr);
> if (kdc_str == NULL) {
> goto out;
> }
>--
>2.35.1
>
>
>From 2f0067b183f35cf8dbf8a8831fed5503c0e78f88 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 Mar 2022 13:10:06 +0100
>Subject: [PATCH 9/9] s3:libads: Fix creating local krb5.conf
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>We create an KDC ip string entry directly at the beginning, use it if we
>don't have any additional DCs.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>
>Autobuild-User(master): Günther Deschner <gd@samba.org>
>Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
>
>(cherry picked from commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c)
>---
> source3/libads/kerberos.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
>index 20dceeefb22..3fd86e87064 100644
>--- a/source3/libads/kerberos.c
>+++ b/source3/libads/kerberos.c
>@@ -522,6 +522,11 @@ static char *get_kdc_ip_string(char *mem_ctx,
>
> DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
> if (num_dcs == 0) {
>+ /*
>+ * We do not have additional KDCs, but we have the one passed
>+ * in via `pss`. So just use that one and leave.
>+ */
>+ result = talloc_move(mem_ctx, &kdc_str);
> goto out;
> }
>
>--
>2.35.1
>
Flags:
gd
:
review+
metze
:
review+