The Samba-Bugzilla – Attachment 8878 Details for
Bug 9874
User Accounts with spaces in them can authenticate with NTLM but not KRB5 when linked with Heimdal
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
A patch that 'fixes' two instances of naked krb5_unparse_name calls and handles escaped space
krb_unpars_name.patch (text/plain), 2.96 KB, created by
Richard Sharpe
on 2013-05-11 14:24:54 UTC
(
hide
)
Description:
A patch that 'fixes' two instances of naked krb5_unparse_name calls and handles escaped space
Filename:
MIME Type:
Creator:
Richard Sharpe
Created:
2013-05-11 14:24:54 UTC
Size:
2.96 KB
patch
obsolete
>diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c >index cc51f56..62e8e16 100644 >--- a/auth/credentials/credentials_krb5.c >+++ b/auth/credentials/credentials_krb5.c >@@ -101,7 +101,7 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, > return ret; > } > >- ret = krb5_unparse_name(ccache->smb_krb5_context->krb5_context, princ, &name); >+ ret = smb_krb5_unparse_name(cred, ccache->smb_krb5_context->krb5_context, princ, &name); > if (ret) { > (*error_string) = talloc_asprintf(cred, "failed to unparse principal from ccache: %s\n", > smb_get_krb5_error_message(ccache->smb_krb5_context->krb5_context, >@@ -111,7 +111,7 @@ static int cli_credentials_set_from_ccache(struct cli_credentials *cred, > > cli_credentials_set_principal(cred, name, obtained); > >- free(name); >+ talloc_free(name); > > krb5_free_principal(ccache->smb_krb5_context->krb5_context, princ); > >diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c >index 3a2401a..69dd28b 100644 >--- a/lib/krb5_wrap/krb5_samba.c >+++ b/lib/krb5_wrap/krb5_samba.c >@@ -419,6 +419,9 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, > return ret; > } > >+ /* Get rid of quoted spaces from Heimdal */ >+ string_sub(utf8_name, "\\ ", " ", 0); >+ > if (!pull_utf8_talloc(mem_ctx, unix_name, utf8_name, &converted_size)) { > krb5_free_unparsed_name(context, utf8_name); > return ENOMEM; >diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c >index 140a165..e82f945 100644 >--- a/source4/auth/gensec/gensec_krb5.c >+++ b/source4/auth/gensec/gensec_krb5.c >@@ -695,7 +695,8 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security > return NT_STATUS_NO_MEMORY; > } > >- ret = krb5_unparse_name(gensec_krb5_state->smb_krb5_context->krb5_context, >+ ret = smb_krb5_unparse_name(tmp_ctx, >+ gensec_krb5_state->smb_krb5_context->krb5_context, > client_principal, &principal_string); > if (ret) { > DEBUG(1, ("Unable to parse client principal: %s\n", >@@ -719,7 +720,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security > /* Found pac */ > pac_blob = data_blob_talloc(tmp_ctx, pac_data.data, pac_data.length); > if (!pac_blob.data) { >- free(principal_string); > krb5_free_principal(context, client_principal); > talloc_free(tmp_ctx); > return NT_STATUS_NO_MEMORY; >@@ -734,7 +734,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security > gensec_krb5_state->ticket->ticket.authtime, NULL); > > if (!NT_STATUS_IS_OK(nt_status)) { >- free(principal_string); > krb5_free_principal(context, client_principal); > talloc_free(tmp_ctx); > return nt_status; >@@ -750,7 +749,6 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security > gensec_get_remote_address(gensec_security), > &session_info); > >- free(principal_string); > krb5_free_principal(context, client_principal); > > if (!NT_STATUS_IS_OK(nt_status)) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9874
: 8878