samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00

Author	SHA1	Message	Date
Joseph Sutton	e67c022618	s4:kdc: Return (possibly) more appropriate error codes This change ultimately won’t make much difference to responses, as unrecognized codes are mapped to ERR_GENERIC in any case. But it might provide some help for debugging. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	e9e2dfa535	s4:auth: Check return value of talloc_new() Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	45ca5e23b8	s4:auth: Fix leaks Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	18569f81c0	s4:auth: Add missing space to error message Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	dadfc06ce1	s4:kdc: Use type bool for ‘is_tgs’ Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	6e5e2f0b2c	s4:kdc: Erase key data If we’re going to zero the keys before freeing them, we might as well do it properly. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	7dd13e8d8e	s4:kdc: Ensure the value of h->len is accurate If we exited this function early due to an error, h->len would contain the number of elements that ought to be in h->val, but not all of those elements must have been initialized. Subsequently trying to free this partially-uninitialized structure with free_Keys() could have bad results. Avoid this by ensuring that h->len accurately reports the actual number of initialized elements. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	7e496d774c	s4:kdc: Consistently zero HDB structures To these conversion functions we sometimes pass malloc-allocated HDB structures, which we free afterwards if conversion fails. If parts of these structures are still uninitialized when we try to free them, all sorts of fun things can result. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	75a1beeea8	s4:kdc: Fix leaks of sdb_entry’s members Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	e546587280	s4:kdc: Fail PAC checksum verification if the krbtgt entry has no keys Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	406af84ba2	s4:kdc: Correctly report length of KDC packet If the data was received over TCP, it would have had four bytes subtracted from its length already, in kdc_tcp_call_loop(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	bb78ad7bd9	s4:kdc: Use portable format specifier Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	0f127875c8	s4:kdc: Correct error message Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	84929c6855	s4:kdc: Return an error code if sdb_entry_to_hdb_entry() fails This condition was written backwards — if samba_kdc_fetch() returned zero, we would ignore any error code returned by sdb_entry_to_hdb_entry(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	93c0f35521	s4:kdc: Fix code spelling Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	a5129c0763	s4:kdc: Fix leaks Use a temporary context to allocate these variables. Each variable that needs to be transferred to the caller is stolen onto an appropriate talloc context just prior to the function’s returning. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	e9c275b4e0	s4:kdc: Move calls to talloc_steal() out of the ‘out’ paths This simplifies the ‘out’ paths. Every code path that reaches ‘out’ via a goto ensures that ‘ret’ is set to a nonzero value. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	bf78c60368	s4:kdc: Remove unnecessary talloc context Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	902ed79b22	s4:kdc: Call krb5_free_principal() directly after to-be-freed principal is used This simplifies the ‘out’ path. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	79738178ec	s4:kdc: Free samba_kdc_seq context on failure to allocate memory Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	bc1103e93b	s4:kdc: Check return value from ldb_dn_get_linearized() Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	09e13845ae	s4:kdc: Fix leak of sdb_entry We should take the common ‘out’ path to ensure that we call sdb_entry_free() on the entry. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	26e2e891d0	s4:kdc: Ensure we don’t increase the value of entry->etypes->len The value of entry->etypes->len ought to be equal to that of entry->keys.len, and so should be nonzero. But it’s safer not to rely on that assumption. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	7cfddcbf3f	s4:kdc: Check result of samdb_result_dom_sid() We must not pass a NULL pointer into dom_sid_split_rid(). While we’re at it, switch to using samdb_result_dom_sid_buf(), which doesn’t require a heap allocation. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	f34645b8f8	s4:kdc: Initialize entry->modified_by If smb_krb5_make_principal() fails without setting the principal, sdb_entry_free() will try to free whatever memory the uninitialized member points to. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	e035cfabc7	s4:kdc: Don’t log secret keys Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	0cf658cd10	s4:kdc: Don’t issue forwardable or proxiable tickets to Protected Users If an authentication policy enforces a maximum TGT lifetime for a Protected User, that limit should stand in place of the four-hour limit usually applied to Protected Users; we should nevertheless continue to ensure that forwardable or proxiable tickets are not issued to such users. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	7026b08e23	tests/krb5: Test that neither forwardable nor proxiable tickets are issued to Protected Users Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	c9d6a3dd66	tests/krb5: Allow specifying KDC options when requesting a TGT Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	da89b86e52	tests/krb5: Allow specifying additional details for a test account Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	a5492d76d3	tests/krb5: Split out new AuthnPolicyBaseTests class This class provides a useful base for other tests to build upon. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	55c09c91ea	tests/krb5: Move some functions round to prepare for splitting the class No effective code change. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	942cc0b626	tests/krb5: Keep claim types for subsequent tests We want to be able to reuse them across several tests. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	f552933760	tests/krb5: Rename compatability_tests class We should not have two unrelated classes both named SimpleKerberosTests. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	928f898e0a	tests/krb5: Allow cached=True with an assigned silo or policy We might want to create an account with an assigned silo or policy in setUp() or setUpClass() to be reused in subsequent tests. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	4c320f756d	s4:kdc: Refer to correct function in error messages Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	7da7b81d4d	s4:torture: Fix code spelling Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	d175550162	s4:rpc_server: Fix code spelling Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	2de67b7174	s4:kdc: Correct comments mentioning Heimdal Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	9fd501dfec	s4:kdc: Remove unnecessary casts Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	0a202264d3	s4:dsdb: Access correct member of union Accessing the wrong member of a union invokes undefined behaviour. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	3e076b374b	s4:dsdb: Remove unnecessary casts Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	939bd3d9a5	s4:auth: Fix code spelling Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	816ceb27ed	s3:registry: Fix code spelling Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	c68b8cf17c	s3:lib: Use portable format specifiers Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	44df47712a	librpc:ndr: Format sizes as ‘size_t’ Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	d35e7f10af	tsocket: Fix code spelling Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	a643ac45c1	lib/replace: Ensure that __STDC_WANT_LIB_EXT1__ is set to 1 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	5b3a8aa544	lib:krb5_wrap: Remove unnecessary cast Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00
Joseph Sutton	578c1d39f5	ldb:ldb_sqlite3: Access correct member of union Accessing the wrong member of a union invokes undefined behaviour. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2023-08-14 04:57:34 +00:00

1 2 3 4 5 ...

134347 Commits