Fix segfault in TGT renewal
parent
e4bdfb2159
commit
d4aff4665f
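--- /dev/null
+++ b/0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch
@@ -0,0 +1,63 @@
+From 7c4392c598f4ce426ee9e3fb9c8786677f55a33d Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 2 May 2011 14:54:20 +0200
+Subject: [PATCH] Return pam data to the renewal item if renewal fails
+
+A previous patch changed a talloc_steal() into a talloc_move(). Now it
+is not enough to change the parent memory context with talloc_steal to
+give back the data, but it has to be assigned back too.
+
+Additionally this patch uses the missing pam data as an indication that
+a renewal request for this data is currently running.
+---
+src/providers/krb5/krb5_renew_tgt.c | 13 +++++++++----
+1 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c
+index cf50666ffea6cf68956673cf3a827f55c958d809..c848afbcfdee5a5201574551f72d23cec59a4263 100644
+--- a/src/providers/krb5/krb5_renew_tgt.c
++++ b/src/providers/krb5/krb5_renew_tgt.c
+@@ -72,7 +72,8 @@ static void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
+DEBUG(1, ("krb5_auth_send failed.\n"));
+/* Give back the pam data to the renewal item to be able to retry at the next
+* time the renewals re run. */
+- talloc_steal(auth_data->renew_data, auth_data->pd);
++ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
++ auth_data->pd);
+talloc_free(auth_data);
+return;
+}
+@@ -95,7 +96,8 @@ static void renew_tgt_done(struct tevent_req *req)
+DEBUG(1, ("krb5_auth request failed.\n"));
+if (auth_data->renew_data != NULL) {
+DEBUG(5, ("Giving back pam data.\n"));
+- talloc_steal(auth_data->renew_data, auth_data->pd);
++ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
++ auth_data->pd);
+}
+} else {
+switch (pam_status) {
+@@ -130,7 +132,8 @@ static void renew_tgt_done(struct tevent_req *req)
+auth_data->pd->user));
+if (auth_data->renew_data != NULL) {
+DEBUG(5, ("Giving back pam data.\n"));
+- talloc_steal(auth_data->renew_data, auth_data->pd);
++ auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
++ auth_data->pd);
+}
+break;
+default:
+@@ -169,7 +172,9 @@ static errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
+renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
+DEBUG(9, ("Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
+ctime(&renew_data->start_renew_at)));
+- if (renew_data->start_renew_at < now) {
++ /* If renew_data->pd == NULL a renewal request for this data is
++ * currently running so we skip it. */
++ if (renew_data->start_renew_at < now && renew_data->pd != NULL) {
+auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
+if (auth_data == NULL) {
+DEBUG(1, ("talloc_zero failed.\n"));
+--
+1.7.5
+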
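Review bot: The first hunk of the added patch (renew_tgt, on the krb5_auth_send failure path) dereferences `auth_data->renew_data` unconditionally in `auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd);`, while the two equivalent sites in renew_tgt_done are wrapped in `if (auth_data->renew_data != NULL)`. If renew_data can be NULL on that path, as the other two guards suggest, the old talloc_steal() call tolerated it but the new assignment faults, so the guard should be mirrored: `if (auth_data->renew_data != NULL) { auth_data->renew_data->pd = talloc_steal(auth_data->renew_data, auth_data->pd); }`. Because the last hunk now treats `renew_data->pd == NULL` as "renewal in progress", any failure path that frees auth_data without handing pd back leaves that entry skipped on every later pass; that invariant deserves a comment at the talloc_move() site where pd is taken, which lies outside these hunks. Both renew_tgt and renew_tgt_done begin and end outside the hunks shown.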
@ -9,7 +9,7 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.5.7
|
Version: 1.5.7
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -19,6 +19,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
|
|
||||||
|
Patch0001: 0001-Return-pam-data-to-the-renewal-item-if-renewal-fails.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
Requires: libldb = %{ldb_version}
|
Requires: libldb = %{ldb_version}
|
||||||
@ -111,6 +113,7 @@ use with ldap_default_authtok_type = obfuscated_password.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
|
%patch0001 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -ivf
|
autoreconf -ivf
|
||||||
@ -295,6 +298,9 @@ fi
|
|||||||
%postun client -p /sbin/ldconfig
|
%postun client -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2
|
||||||
|
- Fix segfault in TGT renewal
|
||||||
|
|
||||||
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
|
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
|
||||||
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
|
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
|
||||||
- cached password with predicatable filename
|
- cached password with predicatable filename
|
||||||
|