IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
gss_get_name_attribute() can return unintialized pac_display_buffer
and later gss_release_buffer() will crash on attempting to release it.
The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087
We need to initialize variables before using gss_get_name_attribute()
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Jun 6 18:22:51 CEST 2012 on sn-devel-104
The root cause for existing ccache being invalidated was use of global loadparm with
'workgroup' value set as if from command line. However, we don't really need to take
'workgroup' parameter value's nature into account when invalidating existing ccache.
When -U is used on the command line, one can specify a password to force ccache
invalidation.
The commit also reverts previous fix now that root cause is clear.
When credentials API is used by a client-side program that already as fetched required
tickets into a ccache, we need to skip re-initializing ccache. This is used in FreeIPA
when Samba 4 Python bindings are run after mod_auth_kerb has obtained user tickets
already.
With waf build include directories are defined by dependencies specified to subsystems.
Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds
when there are no system-wide gssapi/gssapi.h available.
Split out GSSAPI header includes in a separate replacement header and use that explicitly
where needed.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
The remaining gssapi_parse functions were used exclusively in
gensec_krb5. Move them there and make them static.
Signed-off-by: Andreas Schneider <asn@samba.org>
This is clearly a utiliy function generic to gensec. Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.
Signed-off-by: Andreas Schneider <asn@samba.org>
The key type OID is optional, but we require that information to determine if
we should use NEW_SPNEGO.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Mar 8 11:53:57 CET 2012 on sn-devel-104
This matches check_ntlm_password() and generate_session_info_pac()
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104
Now that there is only one gensec_ntlmssp server, some of these functions can be static
For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller
knows better. This will allow preservation of current s3 behaviour.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is possible because we now supply the auth4_context abstraction that this
code is looking for.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess. We will also get the client code in common very soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This avoids creating a second auth_context, as it is a private pointer
in the auth4_context that has already been passed in, and makes the
gensec_ntlmssp code agnostic to the type of authentication backend
behind it. This will in turn allow the ntlmssp server code to be
further merged.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This matches what Samba3 does.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
This should be the correct fix for the valgrind erorr Volker found in
744ed53a62. This fix avoids putting
SPNEGO into the list twice when we are in the CRED_DONT_USE_KERBEROS
case.
Andrew Bartlett
This reverts commit 744ed53a62.
The real bug here is that the second half of the outer loop should not
have been run once we found spnego.
Andrew Bartlett
Without this I get the following valgrind error:
==27740== Invalid write of size 8
==27740== at 0x62C53E: gensec_use_kerberos_mechs (gensec_start.c:112)
==27740== by 0x62C623: gensec_security_mechs (gensec_start.c:141)
==27740== by 0x62C777: gensec_security_by_oid (gensec_start.c:181)
==27740== by 0x62DD6E: gensec_start_mech_by_oid (gensec_start.c:735)
==27740== by 0x50D6FD: negprot_spnego (negprot.c:210)
==27740== by 0x5B0DEA: smbd_smb2_request_process_negprot (smb2_negprot.c:209)
==27740== by 0x5AD036: smbd_smb2_request_dispatch (smb2_server.c:1417)
==27740== by 0x5AFB77: smbd_smb2_first_negprot (smb2_server.c:2643)
==27740== by 0x585C00: process_smb (process.c:1641)
==27740== by 0x587F78: smbd_server_connection_read_handler (process.c:2314)
==27740== by 0x587FD6: smbd_server_connection_handler (process.c:2331)
==27740== by 0x99E05B: run_events_poll (events.c:286)
==27740== by 0x584AFF: smbd_server_connection_loop_once (process.c:984)
==27740== by 0x58B2D9: smbd_process (process.c:3389)
==27740== by 0xDE4CA8: smbd_accept_connection (server.c:469)
==27740== by 0x99E05B: run_events_poll (events.c:286)
==27740== by 0x99E2D5: s3_event_loop_once (events.c:349)
==27740== by 0x99F990: _tevent_loop_once (tevent.c:504)
==27740== by 0xDE5A9B: smbd_parent_loop (server.c:869)
==27740== by 0xDE6DD8: main (server.c:1413)
==27740== Address 0x9ff3538 is 4,232 bytes inside a block of size 8,288 alloc'd
==27740== at 0x4C261D7: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==27740== by 0x6926965: __talloc (talloc.c:560)
==27740== by 0x6926771: talloc_pool (talloc.c:598)
==27740== by 0x93B927: talloc_stackframe_internal (talloc_stack.c:145)
==27740== by 0x93B9D6: talloc_stackframe_pool (talloc_stack.c:171)
==27740== by 0x58B2B7: smbd_process (process.c:3385)
==27740== by 0xDE4CA8: smbd_accept_connection (server.c:469)
==27740== by 0x99E05B: run_events_poll (events.c:286)
==27740== by 0x99E2D5: s3_event_loop_once (events.c:349)
==27740== by 0x99F990: _tevent_loop_once (tevent.c:504)
==27740== by 0xDE5A9B: smbd_parent_loop (server.c:869)
==27740== by 0xDE6DD8: main (server.c:1413)
In the for-loop we can increment j twice, so we need twice as many output array
elements as input array elements.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Thu Feb 9 19:44:47 CET 2012 on sn-devel-104
