The Samba-Bugzilla – Attachment 4991 Details for
Bug 6868
make bin/cifs.upcall fails
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
3-4-test version of the patch
v3-4-test.patch (text/plain), 4.30 KB, created by
Guenther Deschner
on 2009-11-24 04:33:28 UTC
(
hide
)
Description:
3-4-test version of the patch
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2009-11-24 04:33:28 UTC
Size:
4.30 KB
patch
obsolete
>From 57cc6b9c1232832312cc83a5ba0fd9061bfe5188 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 12 Nov 2009 00:51:46 +0100 >Subject: [PATCH 1/2] s3-kerberos: add smb_krb5_principal_get_realm(). > >Guenther >--- > source3/include/includes.h | 3 ++- > source3/libsmb/clikrb5.c | 25 +++++++++++++++++++++++++ > 2 files changed, 27 insertions(+), 1 deletions(-) > >diff --git a/source3/include/includes.h b/source3/include/includes.h >index 4dee258..ea9a159 100644 >--- a/source3/include/includes.h >+++ b/source3/include/includes.h >@@ -1025,7 +1025,8 @@ int smb_krb5_kt_add_entry_ext(krb5_context context, > krb5_data password, > bool no_salt, > bool keep_old_entries); >- >+char *smb_krb5_principal_get_realm(krb5_context context, >+ krb5_principal principal); > #endif /* HAVE_KRB5 */ > > >diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c >index 76d99c1..6e6793b 100644 >--- a/source3/libsmb/clikrb5.c >+++ b/source3/libsmb/clikrb5.c >@@ -1941,6 +1941,31 @@ krb5_error_code krb5_auth_con_set_req_cksumtype( > } > #endif > >+/* >+ * smb_krb5_principal_get_realm >+ * >+ * @brief Get realm of a principal >+ * >+ * @param[in] context The krb5_context >+ * @param[in] principal The principal >+ * @return pointer to the realm >+ * >+ */ >+ >+char *smb_krb5_principal_get_realm(krb5_context context, >+ krb5_principal principal) >+{ >+#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */ >+ return krb5_principal_get_realm(context, principal); >+#elif defined(krb5_princ_realm) /* MIT */ >+ krb5_data *realm; >+ realm = krb5_princ_realm(context, principal); >+ return (char *)realm->data; >+#else >+ return NULL; >+#endif >+} >+ > #else /* HAVE_KRB5 */ > /* this saves a few linking headaches */ > int cli_krb5_get_ticket(const char *principal, time_t time_offset, >-- >1.6.5.2 > > >From f1b113d989b8596638331e13e8f7af28a7895173 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 12 Nov 2009 00:52:38 +0100 >Subject: [PATCH 2/2] cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT. > >Guenther >(cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11) >--- > source3/client/cifs.upcall.c | 34 ++++++++++++++++------------------ > 1 files changed, 16 insertions(+), 18 deletions(-) > >diff --git a/source3/client/cifs.upcall.c b/source3/client/cifs.upcall.c >index 71e60c6..ecd0348 100644 >--- a/source3/client/cifs.upcall.c >+++ b/source3/client/cifs.upcall.c >@@ -44,18 +44,6 @@ typedef enum _sectype { > MS_KRB5 > } sectype_t; > >-static inline int >-k5_data_equal(krb5_data d1, krb5_data d2, unsigned int length) >-{ >- if (!length) >- length = d1.length; >- >- return (d1.length == length && >- d1.length == d2.length && >- memcmp(d1.data, d2.data, length) == 0); >- >-} >- > /* does the ccache have a valid TGT? */ > static time_t > get_tgt_time(const char *ccname) { >@@ -64,9 +52,8 @@ get_tgt_time(const char *ccname) { > krb5_cc_cursor cur; > krb5_creds creds; > krb5_principal principal; >- krb5_data tgt = { .data = "krbtgt", >- .length = 6 }; > time_t credtime = 0; >+ char *realm = NULL; > > if (krb5_init_context(&context)) { > syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__); >@@ -93,16 +80,27 @@ get_tgt_time(const char *ccname) { > goto err_ccstart; > } > >+ if ((realm = smb_krb5_principal_get_realm(context, principal)) == NULL) { >+ syslog(LOG_DEBUG, "%s: unable to get realm", __func__); >+ goto err_ccstart; >+ } >+ > while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) { >- if (k5_data_equal(creds.server->realm, principal->realm, 0) && >- k5_data_equal(creds.server->data[0], tgt, tgt.length) && >- k5_data_equal(creds.server->data[1], principal->realm, 0) && >+ char *name; >+ if (smb_krb5_unparse_name(NULL, context, creds.server, &name)) { >+ syslog(LOG_DEBUG, "%s: unable to unparse name", __func__); >+ goto err_endseq; >+ } >+ if (krb5_realm_compare(context, creds.server, principal) && >+ strnequal(name, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE) && >+ strnequal(name+KRB5_TGS_NAME_SIZE+1, realm, strlen(realm)) && > creds.times.endtime > time(NULL)) > credtime = creds.times.endtime; > krb5_free_cred_contents(context, &creds); >+ TALLOC_FREE(name); > } >+err_endseq: > krb5_cc_end_seq_get(context, ccache, &cur); >- > err_ccstart: > krb5_free_principal(context, principal); > err_princ: >-- >1.6.5.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4991">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6868
:
4952
| 4991 |
5012
|
5361
|
5362