The branch, master has been updated
via 68d181ee676 s3:libads: Fix creating local krb5.conf
via 12c843ad0a9 s3:libads: Check print_canonical_sockaddr_with_port()
for NULL in get_kdc_ip_string()
via cca189d0934 s3:libads: Remove obsolete free's of kdc_str
via 652c8ce1672 s3:libads: Allocate all memory on the talloc stackframe
via 812032833aa s3:libads: Use talloc_asprintf_append() in
get_kdc_ip_string()
via 7f721dc2eee s3:libads: Improve debug messages for
get_kdc_ip_string()
via 313f03c7848 s3:libads: Leave early on error in get_kdc_ip_string()
via 567b1996796 s3:libads: Remove trailing spaces in kerberos.c
via d2ac90cdd56 testprogs: Add test that local krb5.conf has been
created
from d8e966da1c8 smbd: Remove a few vfs_stat() calls
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 13:10:06 2022 +0100
s3:libads: Fix creating local krb5.conf
We create an KDC ip string entry directly at the beginning, use it if we
don't have any additional DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
Autobuild-User(master): Günther Deschner <g...@samba.org>
Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184
commit 12c843ad0a97fcbaaea738b82941533e5d2aec99
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 13:02:05 2022 +0100
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in
get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit cca189d0934790418e27d9d01282370b1e6a057f
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 12:57:18 2022 +0100
s3:libads: Remove obsolete free's of kdc_str
This is allocated on the stackframe now!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 652c8ce1672dfead00c7af6af22e3bb3927764ec
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 12:56:58 2022 +0100
s3:libads: Allocate all memory on the talloc stackframe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 812032833aa65729dbbfd4313a6e3fe072c88530
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 12:48:23 2022 +0100
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 12:10:47 2022 +0100
s3:libads: Improve debug messages for get_kdc_ip_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 313f03c78487ae49747b8143220ecbfe8ad9310a
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 12:04:34 2022 +0100
s3:libads: Leave early on error in get_kdc_ip_string()
This avoids useless allocations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 567b1996796e5d3cf572653f38817d832fa135ca
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 12:03:40 2022 +0100
s3:libads: Remove trailing spaces in kerberos.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f
Author: Andreas Schneider <a...@samba.org>
Date: Tue Mar 15 16:53:02 2022 +0100
testprogs: Add test that local krb5.conf has been created
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/libads/kerberos.c | 80 +++++++++++++++++++++-----------------
testprogs/blackbox/test_net_ads.sh | 6 +++
2 files changed, 50 insertions(+), 36 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 75beeef4a44..3fd86e87064 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
kerberos utility library
Copyright (C) Andrew Tridgell 2001
@@ -37,11 +37,11 @@
#define LIBADS_CCACHE_NAME "MEMORY:libads"
/*
- we use a prompter to avoid a crash bug in the kerberos libs when
+ we use a prompter to avoid a crash bug in the kerberos libs when
dealing with empty passwords
this prompter is just a string copy ...
*/
-static krb5_error_code
+static krb5_error_code
kerb_prompter(krb5_context ctx, void *data,
const char *name,
const char *banner,
@@ -192,7 +192,7 @@ int kerberos_kinit_password_ext(const char *given_principal,
krb5_get_init_creds_opt_set_address_list(opt, addr->addrs);
}
- if ((code = krb5_get_init_creds_password(ctx, &my_creds, me,
discard_const_p(char,password),
+ if ((code = krb5_get_init_creds_password(ctx, &my_creds, me,
discard_const_p(char,password),
kerb_prompter,
discard_const_p(char, password),
0, NULL, opt))) {
goto out;
@@ -299,7 +299,7 @@ int ads_kdestroy(const char *cc_name)
}
if ((code = krb5_cc_destroy (ctx, cc))) {
- DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
+ DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
error_message(code)));
}
@@ -348,10 +348,10 @@ int kerberos_kinit_password(const char *principal,
int time_offset,
const char *cache_name)
{
- return kerberos_kinit_password_ext(principal,
- password,
- time_offset,
- 0,
+ return kerberos_kinit_password_ext(principal,
+ password,
+ time_offset,
+ 0,
0,
cache_name,
False,
@@ -434,17 +434,25 @@ static char *get_kdc_ip_string(char *mem_ctx,
struct netlogon_samlogon_response **responses = NULL;
NTSTATUS status;
bool ok;
- char *kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n", "",
-
print_canonical_sockaddr_with_port(mem_ctx, pss));
+ char *kdc_str = NULL;
+ char *canon_sockaddr = NULL;
+
+ SMB_ASSERT(pss != NULL);
+
+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
+ if (canon_sockaddr == NULL) {
+ goto out;
+ }
+ kdc_str = talloc_asprintf(frame,
+ "\t\tkdc = %s\n",
+ canon_sockaddr);
if (kdc_str == NULL) {
- TALLOC_FREE(frame);
- return NULL;
+ goto out;
}
ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
if (!ok) {
- TALLOC_FREE(kdc_str);
goto out;
}
@@ -454,7 +462,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
*/
if (sitename) {
- status = get_kdc_list(talloc_tos(),
+ status = get_kdc_list(frame,
realm,
sitename,
&ip_sa_site,
@@ -462,7 +470,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("get_kdc_list fail %s\n",
nt_errstr(status));
- TALLOC_FREE(kdc_str);
goto out;
}
DBG_DEBUG("got %zu addresses from site %s search\n",
@@ -472,7 +479,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
/* Get all KDC's. */
- status = get_kdc_list(talloc_tos(),
+ status = get_kdc_list(frame,
realm,
NULL,
&ip_sa_nonsite,
@@ -480,7 +487,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("get_kdc_list (site-less) fail %s\n",
nt_errstr(status));
- TALLOC_FREE(kdc_str);
goto out;
}
DBG_DEBUG("got %zu addresses from site-less search\n", count_nonsite);
@@ -488,7 +494,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
if (count_site + count_nonsite < count_site) {
/* Wrap check. */
DBG_ERR("get_kdc_list_talloc (site-less) fail wrap error\n");
- TALLOC_FREE(kdc_str);
goto out;
}
@@ -496,7 +501,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
dc_addrs = talloc_array(talloc_tos(), struct sockaddr_storage,
count_site + count_nonsite);
if (dc_addrs == NULL) {
- TALLOC_FREE(kdc_str);
goto out;
}
@@ -516,17 +520,20 @@ static char *get_kdc_ip_string(char *mem_ctx,
}
}
- dc_addrs2 = talloc_zero_array(talloc_tos(),
- struct tsocket_address *,
- num_dcs);
-
DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
if (num_dcs == 0) {
- TALLOC_FREE(kdc_str);
+ /*
+ * We do not have additional KDCs, but we have the one passed
+ * in via `pss`. So just use that one and leave.
+ */
+ result = talloc_move(mem_ctx, &kdc_str);
goto out;
}
+
+ dc_addrs2 = talloc_zero_array(talloc_tos(),
+ struct tsocket_address *,
+ num_dcs);
if (dc_addrs2 == NULL) {
- TALLOC_FREE(kdc_str);
goto out;
}
@@ -543,7 +550,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
status = map_nt_error_from_unix(errno);
DEBUG(2,("Failed to create tsocket_address for %s -
%s\n",
addr, nt_errstr(status)));
- TALLOC_FREE(kdc_str);
goto out;
}
}
@@ -561,7 +567,6 @@ static char *get_kdc_ip_string(char *mem_ctx,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("get_kdc_ip_string: cldap_multi_netlogon failed: "
"%s\n", nt_errstr(status)));
- TALLOC_FREE(kdc_str);
goto out;
}
@@ -573,22 +578,25 @@ static char *get_kdc_ip_string(char *mem_ctx,
}
/* Append to the string - inefficient but not done often. */
- new_kdc_str = talloc_asprintf(mem_ctx, "%s\t\tkdc = %s\n",
- kdc_str,
-
print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
- TALLOC_FREE(kdc_str);
+ new_kdc_str = talloc_asprintf_append(
+ kdc_str,
+ "\t\tkdc = %s\n",
+ print_canonical_sockaddr_with_port(
+ mem_ctx, &dc_addrs[i]));
if (new_kdc_str == NULL) {
goto out;
}
kdc_str = new_kdc_str;
}
- result = kdc_str;
+ result = talloc_move(mem_ctx, &kdc_str);
out:
- DBG_DEBUG("Returning\n%s\n", kdc_str);
+ if (result != NULL) {
+ DBG_DEBUG("Returning\n%s\n", kdc_str);
+ } else {
+ DBG_NOTICE("Failed to get KDC ip address\n");
+ }
- TALLOC_FREE(ip_sa_site);
- TALLOC_FREE(ip_sa_nonsite);
TALLOC_FREE(frame);
return result;
}
diff --git a/testprogs/blackbox/test_net_ads.sh
b/testprogs/blackbox/test_net_ads.sh
index 76b394b10a9..cfafb945b62 100755
--- a/testprogs/blackbox/test_net_ads.sh
+++ b/testprogs/blackbox/test_net_ads.sh
@@ -51,6 +51,12 @@ fi
testit "join" $VALGRIND $net_tool ads join -U$DC_USERNAME%$DC_PASSWORD ||
failed=`expr $failed + 1`
+workgroup=$(awk '/workgroup =/ { print $NR }'
"${BASEDIR}/${WORKDIR}/client.conf")
+testit "local krb5.conf created" \
+ test -r \
+ "${BASEDIR}/${WORKDIR}/lockdir/smb_krb5/krb5.conf.${workgroup}" ||
+ failed=$((failed + 1))
+
testit "testjoin" $VALGRIND $net_tool ads testjoin -P --use-kerberos=required
|| failed=`expr $failed + 1`
netbios=$(grep "netbios name" $BASEDIR/$WORKDIR/client.conf | cut -f2 -d= |
awk '{$1=$1};1')
--
Samba Shared Repository
