[Pkg-samba-maint] [samba] 01/03: libads: Fix deadlock when re-joining a domain and updating keytab

Mathieu Parent sathieu at moszumanska.debian.org
Sat Apr 1 09:13:26 UTC 2017 

This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch jessie
in repository samba.

commit 4cf06d370bbcbc8e4c47b445108d1d020541ccdd
Author: Uri Simchoni <urisimchoni at gmail.com>
Date:   Sat May 2 13:44:53 2015 +0300

    libads: Fix deadlock when re-joining a domain and updating keytab
    
    When updating the system keytab as a result of joining a domain,
    if the keytb had prior entries, ads_keytab_create_default tries to
    update those entries. However, it starts updating before freeing the
    cursor which was used for finding those entries, and hence causes
    an an attempt to write-lock the keytab while a read-lock exists.
    
    To reproduce configure smb.conf for ads domain member and run this twice:
    net ads join -U <credentials> '--option=kerberos method=secrets and keytab'
    
    Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Mon May  4 21:01:41 CEST 2015 on sn-devel-104
---
 source3/libads/kerberos_keytab.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 2068d03..7a4967e 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -730,13 +730,14 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 		smb_krb5_kt_free_entry(context, &kt_entry);
 		ZERO_STRUCT(kt_entry);
 	}
+	krb5_kt_end_seq_get(context, keytab, &cursor);
+	ZERO_STRUCT(cursor);
+
 	ret = 0;
 	for (i = 0; oldEntries[i]; i++) {
 		ret |= ads_keytab_add_entry(ads, oldEntries[i]);
 		TALLOC_FREE(oldEntries[i]);
 	}
-	krb5_kt_end_seq_get(context, keytab, &cursor);
-	ZERO_STRUCT(cursor);
 
 done:
 	TALLOC_FREE(oldEntries);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git

More information about the Pkg-samba-maint mailing list