The branch, master has been updated via e5c7ec6 winreg: add winreg_RestoreKeyFlags to IDL. via 95f9542 s3-auth: remove global include of krb5pac.h. via 16c2d91 s3-printing: add debug to get_correct_cversion(). via bf3912b s3-libads: avoid crashing in ads_keytab_list(). via d5436c6 s3-auth: remove unused variable in check_sam_security(). via d8c9756 s3-kerberos: use more krb5 compat macros in get_mem_keytab_from_secrets(). via 765bee9 s3-kerberos: use smb_get_enctype_from_kt_entry() in get_mem_keytab_from_secrets(). via e26a936 s3-kerberos: use get_kerberos_allowed_etypes in fill_keytab_from_password(). via 9986d25 s3-kerberos: use krb5 compat macros in fill_keytab_from_password(). via 3d78279 s3-kerberos: fix flush_keytab() compile with heimdal. from a20e94b Revert "s4/heimdal_build: use GetTimeOfDay macro instead of gettimeofday"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit e5c7ec66982e6d2705c7a103aff5502f441404bb Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 16:58:23 2010 +0200 winreg: add winreg_RestoreKeyFlags to IDL. Guenther commit 95f9542e055d027adeb596a2c67fe48add77033c Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 23:09:39 2010 +0200 s3-auth: remove global include of krb5pac.h. Guenther commit 16c2d9182d0c0ff55eba4d8bce2931b579b00339 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 16:58:54 2010 +0200 s3-printing: add debug to get_correct_cversion(). Guenther commit bf3912be46b2cac71a1ff89f548b9e3528872c6c Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 14:27:56 2010 +0200 s3-libads: avoid crashing in ads_keytab_list(). Heimdal's krb5_kt_start_seq_get() will leave a non 0 fd in the krb5_kt_cursor struct when it cannot find a given keytab. Guenther commit d5436c650c806bb04424205b1d5c9c699b051d7d Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 17:25:18 2010 +0200 s3-auth: remove unused variable in check_sam_security(). Guenther commit d8c9756d539f9a869bd09fb67b3adcbd2a6a0fc0 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 22:28:00 2010 +0200 s3-kerberos: use more krb5 compat macros in get_mem_keytab_from_secrets(). Guenther commit 765bee9d7a2ea990db37e7811fe449af3c61e7a0 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 22:27:32 2010 +0200 s3-kerberos: use smb_get_enctype_from_kt_entry() in get_mem_keytab_from_secrets(). Guenther commit e26a9363335fa0c6e72f46531395bf0f9d950e83 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 11:04:40 2010 +0200 s3-kerberos: use get_kerberos_allowed_etypes in fill_keytab_from_password(). 
Guenther commit 9986d25ed195ee77bd73c96f057c527b4c3a8f03 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 11:00:03 2010 +0200 s3-kerberos: use krb5 compat macros in fill_keytab_from_password(). Guenther commit 3d78279fd437a5ef5b4ed7ff88c1f605cd0999d9 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 31 11:01:23 2010 +0200 s3-kerberos: fix flush_keytab() compile with heimdal. krb5_kt_cursor is not a pointer in heimdal but a struct. Guenther ----------------------------------------------------------------------- Summary of changes: auth/common_auth.h | 2 - librpc/idl/winreg.idl | 10 ++++++- source3/auth/check_samsec.c | 2 +- source3/auth/user_info.c | 1 + source3/auth/user_krb5.c | 1 + source3/include/proto.h | 2 +- source3/libads/kerberos_keytab.c | 1 + source3/librpc/rpc/dcerpc_krb5.c | 51 +++++++++++++++++++------------------ source3/printing/nt_printing.c | 1 + 9 files changed, 41 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/common_auth.h b/auth/common_auth.h index 4ae5df9..c64b46c 100644 --- a/auth/common_auth.h +++ b/auth/common_auth.h @@ -17,8 +17,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include "librpc/gen_ndr/krb5pac.h" - #define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */ #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */ #define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* don't check unix account status */ diff --git a/librpc/idl/winreg.idl b/librpc/idl/winreg.idl index 48fddb7..c5da328 100644 --- a/librpc/idl/winreg.idl +++ b/librpc/idl/winreg.idl 
@@ -281,10 +281,18 @@ import "lsa.idl", "security.idl", "misc.idl"; /******************/ /* Function: 0x13 */ + + typedef [public,bitmap32bit] bitmap { + REG_WHOLE_HIVE_VOLATILE = 0x00000001, + REG_REFRESH_HIVE = 0x00000002, + REG_NO_LAZY_FLUSH = 0x00000004, + REG_FORCE_RESTORE = 0x00000008 + } winreg_RestoreKeyFlags; + WERROR winreg_RestoreKey( [in,ref] policy_handle *handle, [in,ref] winreg_String *filename, - [in] uint32 flags + [in] winreg_RestoreKeyFlags flags ); /******************/ diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 8460110..299f43a 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -373,7 +373,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, NTSTATUS update_login_attempts_status; DATA_BLOB user_sess_key = data_blob_null; DATA_BLOB lm_sess_key = data_blob_null; - bool updated_autolock = False, updated_badpw = False; + bool updated_badpw = False; const char *username; const uint8_t *nt_pw; const uint8_t *lm_pw; diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c index d5319a4..3d4ee08 100644 --- a/source3/auth/user_info.c +++ b/source3/auth/user_info.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "librpc/gen_ndr/samr.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c index 580e71a..9d6b6a4 100644 --- a/source3/auth/user_krb5.c +++ b/source3/auth/user_krb5.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "librpc/gen_ndr/krb5pac.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH diff --git a/source3/include/proto.h b/source3/include/proto.h index 7af0d08..a49aa66 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
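Review bot: The new `winreg_RestoreKeyFlags` typedef in librpc/idl/winreg.idl (hunk `@@ -281,10 +281,18 @@`) sits between the `/* Function: 0x13 */` banner and `winreg_RestoreKey`, and nothing documents the four bits or how undefined bits are treated. Typing `flags` as a bitmap presumably only changes how the value is named and printed, so a server-side handler would still have to reject bits outside the four defined ones itself; that handler is not part of this diff. I would move the typedef above the banner and add a comment such as `/* flags for winreg_RestoreKey; bits not listed here are undefined and should be rejected by the server */`.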
@@ -4856,7 +4856,7 @@ const struct mangle_fns *posix_mangle_init(void); bool map_username(fstring user); /* The following definitions come from auth/user_krb5.c */ - +struct PAC_LOGON_INFO; NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx, const char *cli_name, const char *princ_name, diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index 94698c6..721a8c6 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -756,6 +756,7 @@ int ads_keytab_list(const char *keytab_name) ret = krb5_kt_start_seq_get(context, keytab, &cursor); if (ret) { + ZERO_STRUCT(cursor); goto out; } diff --git a/source3/librpc/rpc/dcerpc_krb5.c b/source3/librpc/rpc/dcerpc_krb5.c index 561259a..2d39a45 100644 --- a/source3/librpc/rpc/dcerpc_krb5.c +++ b/source3/librpc/rpc/dcerpc_krb5.c @@ -27,7 +27,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) { krb5_error_code ret; - krb5_kt_cursor kt_cursor = NULL; + krb5_kt_cursor kt_cursor; krb5_keytab_entry kt_entry; ZERO_STRUCT(kt_entry); @@ -118,7 +118,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, krb5_keytab_entry kt_entry; unsigned int i; - ret = krb5_get_permitted_enctypes(krbctx, &enctypes); + ret = get_kerberos_allowed_etypes(krbctx, &enctypes); if (ret) { DEBUG(1, (__location__ ": Can't determine permitted enctypes!\n")); @@ -128,10 +128,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, for (i = 0; enctypes[i]; i++) { krb5_keyblock *key = NULL; - if (!(key = SMB_MALLOC_P(krb5_keyblock))) { - ret = ENOMEM; - goto out; - } + key = KRB5_KT_KEY(&kt_entry); if (create_kerberos_key_from_string(krbctx, princ, password, key, 
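Review bot: The `ZERO_STRUCT(cursor);` added on the failure path of `krb5_kt_start_seq_get()` in `ads_keytab_list()` (hunk `@@ -756,6 +756,7 @@`) has no comment, and without the commit message it reads as dead code just before `goto out`. The cleanup under `out:` is outside the hunk, so this presumably works because that cleanup skips `krb5_kt_end_seq_get()` when the cursor is all zeroes. A comment would stop a later cleanup from removing it: `/* Heimdal can leave a non-zero fd in the cursor on failure; clear it so the cleanup at out: does not end a sequence that never started */`.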
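Review bot: `kt_cursor` is left uninitialised in `flush_keytab()` (hunk `@@ -27,7 +27,7 @@`): the `= NULL` initialiser is dropped but no `ZERO_STRUCT(kt_cursor);` is added next to the existing `ZERO_STRUCT(kt_entry);`. The rest of the function is outside the hunk, so whether any path reads the cursor before `krb5_kt_start_seq_get()` fills it cannot be confirmed here. The same applies to `get_mem_keytab_from_secrets()` (hunk `@@ -175,7 +170,7 @@`), where `ZERO_STRUCT(kt_cursor);` only arrives about thirty lines after the declaration (hunk `@@ -205,6 +200,7 @@`), while the `out:` block in hunk `@@ -315,11 +314,13 @@` runs `memcmp()` on the cursor. Any `goto out` taken before that point would compare indeterminate bytes and possibly pass them to `krb5_kt_end_seq_get()`. Zeroing at the top of both functions avoids this: `ZERO_STRUCT(kt_cursor);` placed directly after the declarations.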
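Review bot: The `enctypes` array in `fill_keytab_from_password()` now comes from the `get_kerberos_allowed_etypes()` wrapper (hunk `@@ -118,7 +118,7 @@`), but the code that releases it is outside the hunk and is not touched by this commit. Depending on the Kerberos library, the wrapper may not hand back plain `malloc()` memory, so the cleanup should use the matching release helper, e.g. `free_kerberos_etypes(krbctx, enctypes);`, rather than a bare free. Worth confirming against the `out:` path of this function.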
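Review bot: With `key = KRB5_KT_KEY(&kt_entry);` in the loop of `fill_keytab_from_password()` (hunk `@@ -128,10 +128,7 @@`, continued in `@@ -139,13 +136,11 @@`), the derived key now lives inside `kt_entry` and is overwritten on each iteration, so its contents must be released before the next enctype is processed. The hunks show no such release after `krb5_kt_add_entry()`, and the rest of the loop is outside them; if it is missing, key material derived from the machine password stays allocated for every enctype. `kt_entry` is also not visibly zeroed before the loop in hunk `@@ -118,7 +118,7 @@`. I would add `ZERO_STRUCT(kt_entry);` before the `for` and make sure each pass ends with `krb5_free_keyblock_contents(krbctx, key);`; the `= NULL` initialiser on `key` is now redundant.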
@@ -139,13 +136,11 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, DEBUG(10, ("Failed to create key for enctype %d " "(error: %s)\n", enctypes[i], error_message(ret))); - SAFE_FREE(key); continue; } kt_entry.principal = princ; kt_entry.vno = vno; - kt_entry.key = *key; ret = krb5_kt_add_entry(krbctx, keytab, &kt_entry); if (ret) { @@ -175,7 +170,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, krb5_error_code ret; char *pwd = NULL; size_t pwd_len; - krb5_kt_cursor kt_cursor = NULL; + krb5_kt_cursor kt_cursor; krb5_keytab_entry kt_entry; krb5_data password; krb5_principal princ = NULL; @@ -205,6 +200,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, } ZERO_STRUCT(kt_entry); + ZERO_STRUCT(kt_cursor); /* check if the keytab already has any entry */ ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor); @@ -214,7 +210,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, * we can verify if the keytab needs to be upgraded */ while ((ret = krb5_kt_next_entry(krbctx, *keytab, &kt_entry, &kt_cursor)) == 0) { - if (kt_entry.key.enctype == CLEARTEXT_PRIV_ENCTYPE) { + if (smb_get_enctype_from_kt_entry(&kt_entry) == CLEARTEXT_PRIV_ENCTYPE) { break; } smb_krb5_kt_free_entry(krbctx, &kt_entry); @@ -232,8 +228,8 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, /* found private entry, * check if keytab is up to date */ - if ((pwd_len == kt_entry.key.length) && - (memcmp(kt_entry.key.contents, + if ((pwd_len == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) && + (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)), pwd, pwd_len) == 0)) { /* keytab is already up to date, return */ smb_krb5_kt_free_entry(krbctx, &kt_entry); 
@@ -254,11 +250,13 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, } } - if (kt_cursor) { - /* stop enumeration and free cursor */ - krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); - kt_cursor = NULL; - } + { + krb5_kt_cursor zero_csr; + ZERO_STRUCT(zero_csr); + if ((memcmp(&kt_cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && *keytab) { + krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); + } + } /* keytab is not up to date, fill it up */ @@ -297,9 +295,10 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, ZERO_STRUCT(kt_entry); kt_entry.principal = princ; kt_entry.vno = 0; - kt_entry.key.enctype = CLEARTEXT_PRIV_ENCTYPE; - kt_entry.key.length = pwd_len; - kt_entry.key.contents = (uint8_t *)pwd; + + KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry)) = CLEARTEXT_PRIV_ENCTYPE; + KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = pwd_len; + KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = (uint8_t *)pwd; ret = krb5_kt_add_entry(krbctx, *keytab, &kt_entry); if (ret) { @@ -315,11 +314,13 @@ out: SAFE_FREE(pwd); SAFE_FREE(pwd_old); - if (kt_cursor) { - /* stop enumeration and free cursor */ - krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); - kt_cursor = NULL; - } + { + krb5_kt_cursor zero_csr; + ZERO_STRUCT(zero_csr); + if ((memcmp(&kt_cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) && *keytab) { + krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); + } + } if (princ) { krb5_free_principal(krbctx, princ); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 0b23a97..97899fd 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -642,6 +642,7 @@ static uint32 get_correct_cversion(struct pipes_struct *p, nt_status = vfs_file_exist(conn, smb_fname); if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(3,("get_correct_cversion: vfs_file_exist failed\n")); *perr = WERR_BADFILE; goto error_exit; } -- Samba Shared Repository
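Review bot: After `krb5_kt_end_seq_get()` in the new block of `get_mem_keytab_from_secrets()` (hunk `@@ -254,11 +250,13 @@`) the cursor is no longer reset, whereas the removed code set `kt_cursor = NULL`. On paths that later reach the identical block under `out:` (hunk `@@ -315,11 +314,13 @@`), the `memcmp()` against `zero_csr` will still see a non-zero cursor unless the library clears it, so `krb5_kt_end_seq_get()` can run a second time on a cursor that was already ended. Add `ZERO_STRUCT(kt_cursor);` right after the call in the first block. The duplicated compare-and-end block would also read better as one small static helper.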
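Review bot: The debug line added in `get_correct_cversion()` (hunk `@@ -642,6 +642,7 @@`) drops the information needed to act on it: it prints neither `nt_status` nor which file was probed. Since `*perr` is then forced to `WERR_BADFILE`, the original status is lost to the caller as well, so a permission or path problem looks the same in the log as a missing driver file. Suggest `DEBUG(3,("get_correct_cversion: vfs_file_exist failed: %s\n", nt_errstr(nt_status)));`. The function body starts and ends outside the hunk.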