The branch, master has been updated via 9eb27f296ae third_party/heimdal_build: Determine whether time_t is signed via 9936038fae7 s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer() via 6d8fec7006e third_party/heimdal_build: Add KDC_LIB macro definitions via ef95fb43923 auth: Cope with NULL upn_name in PAC via f6fe86924c2 s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc() from afc2103da0f vfs_shadow_copy2: remove async getxattrat
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 9eb27f296ae2b797803fffbb7f4cb34d8eb06f34 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Feb 24 15:24:13 2022 +1300 third_party/heimdal_build: Determine whether time_t is signed Without this, Heimdal will assume time_t is unsigned, and a wrong assumption will cause 'infinite' ticket lifetimes to be reckoned as from the past, and thus requests will fail with KDC_ERR_NEVER_VALID. This is an adaptation to Heimdal: commit 9ae9902249732237aa1711591604a6adf24963fe Author: Nicolas Williams <n...@twosigma.com> Date: Tue Feb 15 17:01:00 2022 -0600 cf: Check if time_t is signed BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995 
Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue Mar 1 18:07:50 UTC 2022 on sn-devel-184 commit 9936038fae72fb440864be543e9afd500444d502 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Feb 24 15:30:17 2022 +1300 s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer() Heimdal will no longer allow us to pass a dummy zero-length buffer to krb5_pac_add_buffer(), so we have to pass a buffer of length 1 instead. This is an adaption to Heimdal: commit 190263bb7a56fc775b50a6cd0dc91820d2b2e5eb Author: Jeffrey Altman <jalt...@secure-endpoints.com> Date: Wed Jan 19 22:55:33 2022 -0500 assert non-NULL ptrs before calling mem funcs The definitions of memcpy(), memmove(), and memset() state that the behaviour is undefined if any of the pointer arguments are NULL, and some compilers are known to make use of this to optimise away existing NULL checks in the source. Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9 Link: https://www.imperialviolet.org/2016/06/26/nonnull.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 6d8fec7006e8eadf5967a6f2f5add7d3c2c7bd3e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 22 15:30:17 2022 +1300 third_party/heimdal_build: Add KDC_LIB macro definitions This is an adaptation to Heimdal: commit 7bb00a40eabbed2bc1c268f5244bfb9736d9bebe Author: Luke Howard <lu...@padl.com> Date: Tue Jan 4 13:08:35 2022 +1100 kdc: fix Windows build BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995 
Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit ef95fb439237910b945b8d6a3ad4a140a8d6d1ea Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 22 14:15:43 2022 +1300 auth: Cope with NULL upn_name in PAC BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit f6fe86924c2ca756083d3628d5dbace0b12d06b0 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Feb 25 07:40:17 2022 +0100 s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc() This is most likely not a problem for the current callers, but that it is unexpected and will likely cause problems with future changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14993 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/auth_sam_reply.c | 12 +++++++----- buildtools/wafsamba/samba_autoconf.py | 17 +++++++++++++++++ source4/auth/sam.c | 19 ++++++++++++++----- source4/kdc/pac-glue.c | 5 +++-- third_party/heimdal_build/wscript_build | 2 +- third_party/heimdal_build/wscript_configure | 2 ++ 6 files changed, 44 insertions(+), 13 deletions(-) Changeset truncated at 500 lines:
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index b5b6362dc93..fda014c87d5 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -616,11 +616,13 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
 }
 if (pac_upn_dns_info != NULL) {
- user_info_dc->info->user_principal_name =
- talloc_strdup(user_info_dc->info,
- pac_upn_dns_info->upn_name);
- if (user_info_dc->info->user_principal_name == NULL) {
- return NT_STATUS_NO_MEMORY;
+ if (pac_upn_dns_info->upn_name != NULL) {
+ user_info_dc->info->user_principal_name =
+ talloc_strdup(user_info_dc->info,
+ pac_upn_dns_info->upn_name);
+ if (user_info_dc->info->user_principal_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
 }
 user_info_dc->info->dns_domain_name =
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 8b499825230..78927d85193 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -343,6 +343,23 @@ def CHECK_SIZEOF(conf, vars, headers=None, define=None, critical=True):
 sys.exit(1)
 return ret
+@conf
+def CHECK_SIGN(conf, v, headers=None):
+ '''check the sign of a type'''
+ define_name = v.upper().replace(' ', '_')
+ for op, signed in [('<', 'signed'),
+ ('>', 'unsigned')]:
+ if CHECK_CODE(conf,
+ f'static int test_array[1 - 2 * !((({v})-1) {op} 0)];',
+ define=f'{define_name}_{signed.upper()}',
+ quote=False,
+ headers=headers,
+ local_include=False,
+ msg=f"Checking if '{v}' is {signed}"):
+ return True
+
+ return False
+
 @conf
 def CHECK_VALUEOF(conf, v, headers=None, define=None):
 '''check the value of a variable/define'''
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 93b41be3b21..8b233bab3ad 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
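Review bot: The `user_info_dc->info->dns_domain_name =` assignment that follows the new guard is visible only as its first line, and if it duplicates `pac_upn_dns_info->dns_domain_name` with talloc_strdup() it presumably has the same hazard this change removes for `upn_name`: talloc_strdup() returns NULL for a NULL source, which would then be reported as NT_STATUS_NO_MEMORY. It is worth confirming that field is guaranteed non-NULL or guarding it the same way. With the guard in place `user_principal_name` is simply not set when the PAC carries no UPN, so a comment such as `/* upn_name may be absent from the PAC; user_principal_name is then left unset */` would tell later readers that consumers must tolerate a NULL value. The enclosing block continues past the end of the hunk.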
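Review bot: `CHECK_SIGN` returns False with no diagnostic when neither probe compiles (for example if the header that declares the type is not pulled in), and the new call `conf.CHECK_SIGN('time_t')` in third_party/heimdal_build/wscript_configure discards the result. In that case neither `TIME_T_SIGNED` nor `TIME_T_UNSIGNED` gets defined, and according to the commit message Heimdal then assumes an unsigned time_t, which is the ticket-lifetime failure this change is meant to prevent. Consider a `critical=True` parameter handled like the one on `CHECK_SIZEOF` just above (only its closing `sys.exit(1)` is visible in the context), or test the return value at the call site and stop configuration on False. The docstring could also name what the function produces, e.g. `'''define <TYPE>_SIGNED or <TYPE>_UNSIGNED according to the sign of type v; return False if neither probe compiles'''`.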
@@ -454,12 +454,15 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- info->account_name = talloc_steal(info,
- ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
+ str = ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL);
+ info->account_name = talloc_strdup(info, str);
+ if (info->account_name == NULL) {
+ TALLOC_FREE(user_info_dc);
+ return NT_STATUS_NO_MEMORY;
+ }
- info->user_principal_name = talloc_steal(info,
- ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL));
- if (info->user_principal_name == NULL && dns_domain_name != NULL) {
+ str = ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL);
+ if (str == NULL && dns_domain_name != NULL) {
 info->user_principal_name = talloc_asprintf(info, "%s@%s",
 info->account_name,
 dns_domain_name);
@@ -468,6 +471,12 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
 info->user_principal_constructed = true;
+ } else if (str != NULL) {
+ info->user_principal_name = talloc_strdup(info, str);
+ if (info->user_principal_name == NULL) {
+ TALLOC_FREE(user_info_dc);
+ return NT_STATUS_NO_MEMORY;
+ }
 }
 info->domain_name = talloc_strdup(info, domain_name);
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index eac1612ca2b..dc6db122865 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -517,9 +517,10 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
 krb5_data deleg_data;
 krb5_error_code ret;
 #ifdef SAMBA4_USES_HEIMDAL
+ char null_byte = '\0';
 krb5_data null_data = {
- .length = 0,
- .data = NULL,
+ .length = 1,
+ .data = &null_byte,
 };
 #endif
diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build
index 7780f9c1324..cf7c2b9a342 100644
--- a/third_party/heimdal_build/wscript_build
+++ b/third_party/heimdal_build/wscript_build
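Review bot: A message that lacks `sAMAccountName` now fails with NT_STATUS_NO_MEMORY in the first sam.c hunk, because `str` goes to talloc_strdup() unchecked and talloc_strdup() returns NULL for a NULL source; the removed talloc_steal() form left `account_name` NULL in that case instead. If every caller's search guarantees the attribute, a comment saying so above the lookup would be enough. Otherwise check the lookup result first and report the real cause, for example `if (str == NULL) { TALLOC_FREE(user_info_dc); return NT_STATUS_INTERNAL_ERROR; }` with whichever status the maintainers prefer. The `userPrincipalName` path in the second hunk already distinguishes the missing-attribute case with `else if (str != NULL)`, so only the account name has this ambiguity. The function starts and ends outside both hunks.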
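Review bot: The one-byte placeholder in `null_data` carries no comment, so the reason for `.length = 1` is recorded only in the commit message. I would add above `char null_byte` something like `/* Heimdal's krb5_pac_add_buffer() no longer accepts a zero-length buffer, so pass a single dummy byte */`. `null_data.data` now points at a stack variable, which is fine only as long as krb5_pac_add_buffer() copies the bytes and nothing keeps `null_data` after samba_make_krb5_pac() returns; that is presumably the case but is not visible here. The rest of the function lies outside the hunk.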
@@ -445,7 +445,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KDC"):
 includes='../heimdal/kdc',
 deps='roken krb5 hdb asn1 HEIMDAL_DIGEST_ASN1 HEIMDAL_KX509_ASN1 heimntlm hcrypto com_err wind heimbase gssapi gss_preauth',
 version_script='kdc/version-script.map')
- HEIMDAL_AUTOPROTO('kdc/kdc-protos.h', KDC_SOURCE)
+ HEIMDAL_AUTOPROTO('kdc/kdc-protos.h', KDC_SOURCE, options='-E KDC_LIB -q -P comment -o')
 HEIMDAL_AUTOPROTO_PRIVATE('kdc/kdc-private.h', KDC_SOURCE)
 if not bld.CONFIG_SET("USING_SYSTEM_HEIMNTLM"):
diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure
index 023935d98c0..0021cd328ec 100644
--- a/third_party/heimdal_build/wscript_configure
+++ b/third_party/heimdal_build/wscript_configure
@@ -206,3 +206,5 @@ if conf.CONFIG_SET('USING_EMBEDDED_HEIMDAL'):
 conf.define('HAVE_KRB5_ADDLOG_FUNC_NEED_CONTEXT', 1)
 else:
 pass # TODO
+
+conf.CHECK_SIGN('time_t')
-- Samba Shared Repository