The branch, master has been updated via 68d181ee676 s3:libads: Fix creating local krb5.conf via 12c843ad0a9 s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string() via cca189d0934 s3:libads: Remove obsolete free's of kdc_str via 652c8ce1672 s3:libads: Allocate all memory on the talloc stackframe via 812032833aa s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string() via 7f721dc2eee s3:libads: Improve debug messages for get_kdc_ip_string() via 313f03c7848 s3:libads: Leave early on error in get_kdc_ip_string() via 567b1996796 s3:libads: Remove trailing spaces in kerberos.c via d2ac90cdd56 testprogs: Add test that local krb5.conf has been created from d8e966da1c8 smbd: Remove a few vfs_stat() calls
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 13:10:06 2022 +0100 s3:libads: Fix creating local krb5.conf We create an KDC ip string entry directly at the beginning, use it if we don't have any additional DCs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> Autobuild-User(master): Günther Deschner <g...@samba.org> Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184 commit 12c843ad0a97fcbaaea738b82941533e5d2aec99 Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 13:02:05 2022 +0100 s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit cca189d0934790418e27d9d01282370b1e6a057f Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 12:57:18 2022 +0100 s3:libads: Remove obsolete free's of kdc_str This is allocated on the stackframe now! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 652c8ce1672dfead00c7af6af22e3bb3927764ec Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 12:56:58 2022 +0100 s3:libads: Allocate all memory on the talloc stackframe BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 812032833aa65729dbbfd4313a6e3fe072c88530 Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 12:48:23 2022 +0100 s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26 Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 12:10:47 2022 +0100 s3:libads: Improve debug messages for get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 313f03c78487ae49747b8143220ecbfe8ad9310a Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 12:04:34 2022 +0100 s3:libads: Leave early on error in get_kdc_ip_string() This avoids useless allocations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit 567b1996796e5d3cf572653f38817d832fa135ca Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 12:03:40 2022 +0100 s3:libads: Remove trailing spaces in kerberos.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f Author: Andreas Schneider <a...@samba.org> Date: Tue Mar 15 16:53:02 2022 +0100 testprogs: Add test that local krb5.conf has been created BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/libads/kerberos.c | 80 +++++++++++++++++++++----------------- testprogs/blackbox/test_net_ads.sh | 6 +++ 2 files changed, 50 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 75beeef4a44..3fd86e87064 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. kerberos utility library Copyright (C) Andrew Tridgell 2001 @@ -37,11 +37,11 @@ #define LIBADS_CCACHE_NAME "MEMORY:libads" /* - we use a prompter to avoid a crash bug in the kerberos libs when + we use a prompter to avoid a crash bug in the kerberos libs when dealing with empty passwords this prompter is just a string copy ... */ -static krb5_error_code +static krb5_error_code kerb_prompter(krb5_context ctx, void *data, const char *name, const char *banner, @@ -192,7 +192,7 @@ int kerberos_kinit_password_ext(const char *given_principal, krb5_get_init_creds_opt_set_address_list(opt, addr->addrs); } - if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password), + if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password), kerb_prompter, discard_const_p(char, password), 0, NULL, opt))) { goto out; @@ -299,7 +299,7 @@ int ads_kdestroy(const char *cc_name) } if ((code = krb5_cc_destroy (ctx, cc))) { - DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n", + DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n", error_message(code))); } @@ -348,10 +348,10 @@ int kerberos_kinit_password(const char *principal, int time_offset, const char *cache_name) { - return kerberos_kinit_password_ext(principal, - password, - time_offset, - 0, + return kerberos_kinit_password_ext(principal, + password, + time_offset, + 0, 0, cache_name, False, @@ -434,17 +434,25 @@ static char *get_kdc_ip_string(char *mem_ctx, struct netlogon_samlogon_response **responses = NULL; NTSTATUS status; bool ok; - char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "", - print_canonical_sockaddr_with_port(mem_ctx, pss)); + char *kdc_str = NULL; + char *canon_sockaddr = NULL; + + SMB_ASSERT(pss != NULL); + + canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss); + if (canon_sockaddr == NULL) { + goto out; + } + kdc_str = talloc_asprintf(frame, + "\t\tkdc = %s\n", + canon_sockaddr); if (kdc_str == NULL) { - TALLOC_FREE(frame); - return NULL; + goto out; } ok = sockaddr_storage_to_samba_sockaddr(&sa, pss); if (!ok) { - TALLOC_FREE(kdc_str); goto out; } @@ -454,7 +462,7 @@ static char *get_kdc_ip_string(char *mem_ctx, */ if (sitename) { - status = get_kdc_list(talloc_tos(), + status = get_kdc_list(frame, realm, sitename, &ip_sa_site, @@ -462,7 +470,6 @@ static char *get_kdc_ip_string(char *mem_ctx, if (!NT_STATUS_IS_OK(status)) { DBG_ERR("get_kdc_list fail %s\n", nt_errstr(status)); - TALLOC_FREE(kdc_str); goto out; } DBG_DEBUG("got %zu addresses from site %s search\n", @@ -472,7 +479,7 @@ static char *get_kdc_ip_string(char *mem_ctx, /* Get all KDC's. */ - status = get_kdc_list(talloc_tos(), + status = get_kdc_list(frame, realm, NULL, &ip_sa_nonsite, @@ -480,7 +487,6 @@ static char *get_kdc_ip_string(char *mem_ctx, if (!NT_STATUS_IS_OK(status)) { DBG_ERR("get_kdc_list (site-less) fail %s\n", nt_errstr(status)); - TALLOC_FREE(kdc_str); goto out; } DBG_DEBUG("got %zu addresses from site-less search\n", count_nonsite); @@ -488,7 +494,6 @@ static char *get_kdc_ip_string(char *mem_ctx, if (count_site + count_nonsite < count_site) { /* Wrap check. */ DBG_ERR("get_kdc_list_talloc (site-less) fail wrap error\n"); - TALLOC_FREE(kdc_str); goto out; } @@ -496,7 +501,6 @@ static char *get_kdc_ip_string(char *mem_ctx, dc_addrs = talloc_array(talloc_tos(), struct sockaddr_storage, count_site + count_nonsite); if (dc_addrs == NULL) { - TALLOC_FREE(kdc_str); goto out; } @@ -516,17 +520,20 @@ static char *get_kdc_ip_string(char *mem_ctx, } } - dc_addrs2 = talloc_zero_array(talloc_tos(), - struct tsocket_address *, - num_dcs); - DBG_DEBUG("%zu additional KDCs to test\n", num_dcs); if (num_dcs == 0) { - TALLOC_FREE(kdc_str); + /* + * We do not have additional KDCs, but we have the one passed + * in via `pss`. So just use that one and leave. + */ + result = talloc_move(mem_ctx, &kdc_str); goto out; } + + dc_addrs2 = talloc_zero_array(talloc_tos(), + struct tsocket_address *, + num_dcs); if (dc_addrs2 == NULL) { - TALLOC_FREE(kdc_str); goto out; } @@ -543,7 +550,6 @@ static char *get_kdc_ip_string(char *mem_ctx, status = map_nt_error_from_unix(errno); DEBUG(2,("Failed to create tsocket_address for %s - %s\n", addr, nt_errstr(status))); - TALLOC_FREE(kdc_str); goto out; } } @@ -561,7 +567,6 @@ static char *get_kdc_ip_string(char *mem_ctx, if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("get_kdc_ip_string: cldap_multi_netlogon failed: " "%s\n", nt_errstr(status))); - TALLOC_FREE(kdc_str); goto out; } @@ -573,22 +578,25 @@ static char *get_kdc_ip_string(char *mem_ctx, } /* Append to the string - inefficient but not done often. */ - new_kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", - kdc_str, - print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i])); - TALLOC_FREE(kdc_str); + new_kdc_str = talloc_asprintf_append( + kdc_str, + "\t\tkdc = %s\n", + print_canonical_sockaddr_with_port( + mem_ctx, &dc_addrs[i])); if (new_kdc_str == NULL) { goto out; } kdc_str = new_kdc_str; } - result = kdc_str; + result = talloc_move(mem_ctx, &kdc_str); out: - DBG_DEBUG("Returning\n%s\n", kdc_str); + if (result != NULL) { + DBG_DEBUG("Returning\n%s\n", kdc_str); + } else { + DBG_NOTICE("Failed to get KDC ip address\n"); + } - TALLOC_FREE(ip_sa_site); - TALLOC_FREE(ip_sa_nonsite); TALLOC_FREE(frame); return result; } diff --git a/testprogs/blackbox/test_net_ads.sh b/testprogs/blackbox/test_net_ads.sh index 76b394b10a9..cfafb945b62 100755 --- a/testprogs/blackbox/test_net_ads.sh +++ b/testprogs/blackbox/test_net_ads.sh @@ -51,6 +51,12 @@ fi testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD || failed=`expr $failed + 1` +workgroup=$(awk '/workgroup =/ { print $NR }' "${BASEDIR}/${WORKDIR}/client.conf") +testit "local krb5.conf created" \ + test -r \ + "${BASEDIR}/${WORKDIR}/lockdir/smb_krb5/krb5.conf.${workgroup}" || + failed=$((failed + 1)) + testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required || failed=`expr $failed + 1` netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= | awk '{$1=$1};1') -- Samba Shared Repository