
Fix Samba support in Heimdal



I really should have done as Love requested, and tested the
implementation of the Samba patches, once they actually hit the tree...

I didn't, so when I upgraded my site...

Anyway, the bugs seem to revolve around the parsing of the account
control string, and memory management when we only have Samba
passwords.  I also had to enable forwarding by default, as Samba has no
knowledge of this kind of thing.

Patch to fix these issues is attached.  I'm happy for the forwarding
thing to become a config setting.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
--- heimdal-20040510/lib/hdb/hdb-ldap.c	2004-04-02 02:30:09.000000000 +1000
+++ heimdal-20040510-samba/lib/hdb/hdb-ldap.c	2004-05-10 18:38:55.000000000 +1000
@@ -1002,14 +1002,31 @@
 
 	ent->keys.len++;
 
-	etypes = realloc(ent->etypes->val, 
-			 (ent->etypes->len + 1) * sizeof(ent->etypes->val[0]));
-	if (etypes == NULL) {
+	if (ent->etypes) {
+	  etypes = realloc(ent->etypes->val, 
+			   (ent->etypes->len + 1) * sizeof(ent->etypes->val[0]));
+	  if (etypes == NULL) {
 	    krb5_set_error_string(context, "malloc: out of memory");
 	    ret = ENOMEM;
 	    goto out;			    
-	}
+	  }
 	ent->etypes->val = etypes;
+	} else {
+	  ent->etypes = malloc(sizeof(*(ent->etypes)));
+	  if (ent->etypes == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	  }
+	  ent->etypes->len = 1;
+	  ent->etypes->val = calloc(ent->etypes->len, sizeof(int));
+	  if (ent->etypes->val == NULL) {
+	    krb5_set_error_string(context, "malloc: out of memory");
+	    ret = ENOMEM;
+	    goto out;
+	  }
+
+	}
 	ent->etypes->val[ent->etypes->len] = ETYPE_ARCFOUR_HMAC_MD5;
 	ent->etypes->len++;
     }
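Review bot: In the new else branch, ent->etypes->len is set to 1 and val is allocated with a single element, but the unchanged tail after the branch stores to `ent->etypes->val[ent->etypes->len]` and then increments len. That store lands at index 1, one element past the calloc'd buffer, and the entry ends up reporting two etypes with slot 0 left zeroed. Set len to 0 in this branch (still allocating one element) so the common tail fills slot 0. Size the allocation with sizeof(ent->etypes->val[0]), as the realloc path does, rather than sizeof(int). If the calloc fails, ent->etypes is left allocated with a NULL val, so free it before the goto or confirm the out path copes with that state. Minor: the context line `ent->etypes->val = etypes;` now sits inside the if block but keeps its old indentation.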
@@ -1188,10 +1205,13 @@
 	if (flags_len < 2)
 	    goto out2;
 
-	if (flags_len > 2 && samba_acct_flags[0] == '[' 
-	    && samba_acct_flags[flags_len - 1] == ']') 
+	if (samba_acct_flags[0] != '[' 
+	    || samba_acct_flags[flags_len - 1] != ']') 
 	    goto out2;
 
+	/* Allow forwarding */
+	ent->flags.forwardable = TRUE;
+
 	for (i=0; i< flags_len; i++) {
 	    switch (samba_acct_flags[i]) {
 	    case ' ':
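Review bot: `ent->flags.forwardable = TRUE;` is hard-coded for every entry that carries a bracketed Samba flags string, and it is set before the loop has examined any flag character. This changes ticket policy for all Samba-derived principals, so it should sit behind a configuration option (the cover message already offers that), and the comment should state the default and the reason rather than only "Allow forwarding". The corrected bracket test is safe given the flags_len < 2 guard above it. Since the loop still runs from 0 to flags_len - 1, it visits the '[' and ']' characters too; if the switch has no cases for them, iterate from 1 to flags_len - 2 instead.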
