[Pkg-samba-maint] [samba] 02/03: Add patch for previous commit

Mathieu Parent sathieu at moszumanska.debian.org
Sat Apr 1 09:13:26 UTC 2017


This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch jessie
in repository samba.

commit e420a8ac6107df6f070653692f668cf3ae6a8301
Author: Mathieu Parent <math.parent at gmail.com>
Date:   Sat Apr 1 11:06:43 2017 +0200

    Add patch for previous commit
---
 .../Fix-deadlock-when-re-joining-a-domain.patch    | 49 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 50 insertions(+)

diff --git a/debian/patches/Fix-deadlock-when-re-joining-a-domain.patch b/debian/patches/Fix-deadlock-when-re-joining-a-domain.patch
new file mode 100644
index 0000000..d073c92
--- /dev/null
+++ b/debian/patches/Fix-deadlock-when-re-joining-a-domain.patch
@@ -0,0 +1,49 @@
+From 38beef2ff63664d7d5805f1032bb9f69d0b965d7 Mon Sep 17 00:00:00 2001
+From: Uri Simchoni <urisimchoni at gmail.com>
+Date: Sat, 2 May 2015 13:44:53 +0300
+Subject: [PATCH] libads: Fix deadlock when re-joining a domain and updating
+ keytab
+
+When updating the system keytab as a result of joining a domain,
+if the keytb had prior entries, ads_keytab_create_default tries to
+update those entries. However, it starts updating before freeing the
+cursor which was used for finding those entries, and hence causes
+an an attempt to write-lock the keytab while a read-lock exists.
+
+To reproduce configure smb.conf for ads domain member and run this twice:
+net ads join -U <credentials> '--option=kerberos method=secrets and keytab'
+
+Signed-off-by: Uri Simchoni <urisimchoni at gmail.com>
+Reviewed-by: Jeremy Allison <jra at samba.org>
+Reviewed-by: Andreas Schneider <asn at samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra at samba.org>
+Autobuild-Date(master): Mon May  4 21:01:41 CEST 2015 on sn-devel-104
+---
+ source3/libads/kerberos_keytab.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
+index ef6374a..309e614 100644
+--- a/source3/libads/kerberos_keytab.c
++++ b/source3/libads/kerberos_keytab.c
+@@ -731,13 +731,14 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
+ 		smb_krb5_kt_free_entry(context, &kt_entry);
+ 		ZERO_STRUCT(kt_entry);
+ 	}
++	krb5_kt_end_seq_get(context, keytab, &cursor);
++	ZERO_STRUCT(cursor);
++
+ 	ret = 0;
+ 	for (i = 0; oldEntries[i]; i++) {
+ 		ret |= ads_keytab_add_entry(ads, oldEntries[i]);
+ 		TALLOC_FREE(oldEntries[i]);
+ 	}
+-	krb5_kt_end_seq_get(context, keytab, &cursor);
+-	ZERO_STRUCT(cursor);
+ 
+ done:
+ 	TALLOC_FREE(oldEntries);
+-- 
+1.9.1
+
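Review bot: The new file under debian/patches has no provenance metadata beyond the git-format `From 38beef2ff63664d7d5805f1032bb9f69d0b965d7` line at its top, and the commit subject "Add patch for previous commit" does not say which report it addresses. Consider adding DEP-3 fields such as `Origin:` and `Bug-Debian:` to the patch header, or at least naming the bug in the commit message, so a later reader can tell that this is an upstream backport and when it can be dropped. In the embedded code change, the relocated `krb5_kt_end_seq_get(context, keytab, &cursor);` still discards its return value. The `ads_keytab_add_entry` loop that follows depends on the read lock having been released, so a short comment above the call would make that ordering requirement explicit for the next person who touches this function.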
diff --git a/debian/patches/series b/debian/patches/series
index 3c395b6..071db39 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,3 +26,4 @@ CVE-2017-2619.patch
 bug-12721-4.2.patch
 fix-shadow_copy2-42-backport.patch
 shadow_copy2_tests_42.patch
+Fix-deadlock-when-re-joining-a-domain.patch
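Review bot: The added `series` entry `Fix-deadlock-when-re-joining-a-domain.patch` carries no bug or upstream reference in its name, unlike `bug-12721-4.2.patch` and `CVE-2017-2619.patch` in the same hunk. Either rename it to include the tracking number or make sure the patch header records it, so the entry can be matched to a report when the series is next rebased.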

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git



