From d4aff4665f53cdd84fad90b0cb80704de3259774 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 2 May 2011 12:29:25 -0400 Subject: [PATCH] Fix segfault in TGT renewal --- ...to-the-renewal-item-if-renewal-fails.patch | 63 +++++++++++++++++++ sssd.spec | 8 ++- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch diff --git a/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch b/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch new file mode 100644 index 0000000..2ed94e1 --- /dev/null +++ b/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch @@ -0,0 +1,63 @@ +From 7c4392c598f4ce426ee9e3fb9c8786677f55a33d Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Mon, 2 May 2011 14:54:20 +0200 +Subject: [PATCH] Return pam data to the renewal item if renewal fails + +A previous patch changed a talloc_steal() into a talloc_move(). Now it +is not enough to change the parent memory context with talloc_steal to +give back the data, but it has to be assigned back too. + +Additionally this patch uses the missing pam data as an indication that +a renewal request for this data is currently running. +--- + src/providers/krb5/krb5_renew_tgt.c | 13 +++++++++---- + 1 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c +index cf50666ffea6cf68956673cf3a827f55c958d809..c848afbcfdee5a5201574551f72d23cec59a4263 100644 +--- a/src/providers/krb5/krb5_renew_tgt.c ++++ b/src/providers/krb5/krb5_renew_tgt.c +@@ -72,7 +72,8 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te, + DEBUG(1, ("krb5_auth_send failed.\n")); + /* Give back the pam data to the renewal item to be able to retry at the next + * time the renewals re run. */ +- talloc_steal(auth_data->renew_data, auth_data->pd); ++ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, ++ auth_data->pd); + talloc_free(auth_data); + return; + } +@@ -95,7 +96,8 @@ static void renew_tgt_done(struct tevent_req *req) + DEBUG(1, ("krb5_auth request failed.\n")); + if (auth_data->renew_data != NULL) { + DEBUG(5, ("Giving back pam data.\n")); +- talloc_steal(auth_data->renew_data, auth_data->pd); ++ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, ++ auth_data->pd); + } + } else { + switch (pam_status) { +@@ -130,7 +132,8 @@ static void renew_tgt_done(struct tevent_req *req) + auth_data->pd->user)); + if (auth_data->renew_data != NULL) { + DEBUG(5, ("Giving back pam data.\n")); +- talloc_steal(auth_data->renew_data, auth_data->pd); ++ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, ++ auth_data->pd); + } + break; + default: +@@ -169,7 +172,9 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx) + renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data); + DEBUG(9, ("Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile, + ctime(&renew_data->start_renew_at))); +- if (renew_data->start_renew_at < now) { ++ /* If renew_data->pd == NULL a renewal request for this data is ++ * currently running so we skip it. */ ++ if (renew_data->start_renew_at < now && renew_data->pd != NULL) { + auth_data = talloc_zero(renew_tgt_ctx, struct auth_data); + if (auth_data == NULL) { + DEBUG(1, ("talloc_zero failed.\n")); +-- +1.7.5 + diff --git a/sssd.spec b/sssd.spec index 941164a..1e1d154 100644 --- a/sssd.spec +++ b/sssd.spec @@ -9,7 +9,7 @@ Name: sssd Version: 1.5.7 -Release: 1%{?dist} +Release: 2%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -19,6 +19,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### +Patch0001: 0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch + ### Dependencies ### Requires: libldb = %{ldb_version} @@ -111,6 +113,7 @@ use with ldap_default_authtok_type = obfuscated_password. %prep %setup -q +%patch0001 -p1 %build autoreconf -ivf @@ -295,6 +298,9 @@ fi %postun client -p /sbin/ldconfig %changelog +* Mon May 02 2011 Stephen Gallagher - 1.5.7-2 +- Fix segfault in TGT renewal + * Fri Apr 29 2011 Stephen Gallagher - 1.5.7-1 - Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename