[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Thu Sep 30 22:38:02 MDT 2010
The branch, master has been updated
via 62d87f8 s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
via 4c57095 heimdal: added verbose logging of hemimdal crypto errors
via 23b4126 autobuild: fixed the --tail option for new log locations
via c03d02d s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
via 694f287 s4-spn: don't try and send an empty SPN list
from fbee3586 selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 62d87f8f88306cf71686f55a6839bec337c96d1d
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 20:56:20 2010 -0700
s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
this fails intermittently on sn-devel. Guenther suggested adding it to
knownfail
Autobuild-User: Andrew Tridgell <tridge at samba.org>
Autobuild-Date: Fri Oct 1 04:37:36 UTC 2010 on sn-devel-104
commit 4c57095bb76aee5922502d1dff307c6dd869f007
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 30 20:13:34 2010 -0700
heimdal: added verbose logging of hemimdal crypto errors
commit 23b4126f10f3927a8d70517e04872aa4ebf1b502
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 19:41:50 2010 -0700
autobuild: fixed the --tail option for new log locations
commit c03d02d28e7d9e908fa0553006282184487d2c8c
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 15:24:58 2010 -0700
s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
commit 694f2876c9da51dc16a00d45de92edf8884dfbed
Author: Andrew Tridgell <tridge at samba.org>
Date: Thu Sep 30 15:02:50 2010 -0700
s4-spn: don't try and send an empty SPN list
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
script/autobuild.py | 2 +-
source3/selftest/knownfail | 1 +
source4/dsdb/repl/drepl_out_helpers.c | 3 +++
source4/heimdal/lib/krb5/crypto.c | 17 +++++++++++++++--
source4/scripting/bin/samba_spnupdate | 2 ++
5 files changed, 22 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/script/autobuild.py b/script/autobuild.py
index f1e29a7..6f14845 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -226,7 +226,7 @@ class buildlist:
def start_tail(self):
cwd = os.getcwd()
cmd = "tail -f *.stdout *.stderr"
- os.chdir(testbase)
+ os.chdir(gitroot)
self.tail_proc = Popen(cmd, shell=True)
os.chdir(cwd)
diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail
index da38f88..dff19ca 100644
--- a/source3/selftest/knownfail
+++ b/source3/selftest/knownfail
@@ -1,2 +1,3 @@
.*printer.*print_test_extended # fails on some hosts due to timing issues ?
samba3.posix_s3.rap.printing # fails sometimes on sn-devel
+samba3.posix_s3.rpc.spoolss.printer # also fails sometimes
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 2a32e5c..f83cdda 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -384,6 +384,9 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
DEBUG(0,(__location__ ": Failed to construct partial attribute set : %s\n", nt_errstr(status)));
return;
}
+ if (state->op->extended_op == DRSUAPI_EXOP_REPL_SECRET) {
+ replica_flags &= ~DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING;
+ }
}
r->in.bind_handle = &drsuapi->bind_handle;
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index ed87655..eda5e63 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -1847,6 +1847,10 @@ verify_checksum(krb5_context context,
}
if(ct->checksumsize != cksum->checksum.length) {
krb5_clear_error_message (context);
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, length was %u, expected %u", ""),
+ ct->name, (unsigned)cksum->checksum.length, (unsigned)ct->checksumsize);
+
return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
@@ -1874,8 +1878,14 @@ verify_checksum(krb5_context context,
return ret;
} else
dkey = NULL;
- if(ct->verify)
- return (*ct->verify)(context, dkey, data, len, usage, cksum);
+ if(ct->verify) {
+ ret = (*ct->verify)(context, dkey, data, len, usage, cksum);
+ if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, key type %s", ""),
+ ct->name, crypto->et->name);
+ }
+ }
ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
if (ret)
@@ -1890,6 +1900,9 @@ verify_checksum(krb5_context context,
if(c.checksum.length != cksum->checksum.length ||
ct_memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) {
krb5_clear_error_message (context);
+ krb5_set_error_message (context, KRB5KRB_AP_ERR_BAD_INTEGRITY,
+ N_("Decrypt integrity check failed for checksum type %s, key type %s", ""),
+ ct->name, crypto->et->name);
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
} else {
ret = 0;
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate
index 6a69f48..502eeba 100755
--- a/source4/scripting/bin/samba_spnupdate
+++ b/source4/scripting/bin/samba_spnupdate
@@ -212,6 +212,8 @@ def call_rodc_update(d):
ns.str = n
spn_names.append(ns)
req1.count = req1.count + 1
+ if spn_names == []:
+ return
req1.spn_names = spn_names
(level, res) = drs.DsWriteAccountSpn(drs_handle, 1, req1)
--
Samba Shared Repository
More information about the samba-cvs
mailing list