[SCM] Samba Shared Repository - branch v3-6-test updated

Andrew Bartlett abartlet at samba.org
Thu Sep 23 22:49:48 MDT 2010


The branch, v3-6-test has been updated
       via  9788a68 s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
      from  e54527f Fix bug 7694 - Crash bug with invalid SPNEGO token.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 9788a681adf405f10e6aa2a2af5e5424a4c840ac
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Sep 11 16:13:33 2010 +1000

    s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
    
    The idea of this patch is: Don't support a mix of different kerberos
    features.
    
    Either we should prepare a GSSAPI (8003) checksum and mark the request as
    such, or we should use the old behaviour (a normal kerberos checksum of 0 data).
    
    Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
    Samba4, and seems well outside the expected behaviour, even if Windows accepts it.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/clikrb5.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 344fdac..a572413 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -840,7 +840,7 @@ static krb5_error_code ads_krb5_mk_req(krb5_context context,
 		goto cleanup_creds;
 	}
 
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
+#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
 	if( credsp->ticket_flags & TKT_FLG_OK_AS_DELEGATE ) {
 		/* Fetch a forwarded TGT from the KDC so that we can hand off a 2nd ticket
 		 as part of the kerberos exchange. */
@@ -902,7 +902,6 @@ static krb5_error_code ads_krb5_mk_req(krb5_context context,
 			gss_flags |= GSS_C_DELEG_FLAG;
 		}
 	}
-#endif
 
 	/* Frees and reallocates in_data into a GSS checksum blob. */
 	retval = create_gss_checksum(&in_data, gss_flags);
@@ -910,7 +909,6 @@ static krb5_error_code ads_krb5_mk_req(krb5_context context,
 		goto cleanup_data;
 	}
 
-#if defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
 	/* We always want GSS-checksum types. */
 	retval = krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM );
 	if (retval) {


-- 
Samba Shared Repository


More information about the samba-cvs mailing list