[SCM] Samba Shared Repository - branch v4-9-test updated

Karolin Seeger kseeger at samba.org
Wed Oct 16 16:48:03 UTC 2019 

The branch, v4-9-test has been updated
       via  a5ffe3982cc spnego: fix server handling of no optimistic exchange
       via  e7603aa87f0 selftest: add tests for no optimistic spnego exchange
       via  16b10d1a433 spnego: add client option to omit sending an optimistic token
       via  6024163e177 ctdb-vacuum: Process all records not deleted on a remote node
      from  c788ff56bae fault.c: improve fault_report message text pointing to our wiki

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test


- Log -----------------------------------------------------------------
commit a5ffe3982cc255fd23f6be8e447499c5f614a7f1
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Wed Sep 4 17:04:12 2019 +0300

    spnego: fix server handling of no optimistic exchange
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
    
    Signed-off-by: Isaac Boukris <iboukris at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
    
    Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-9-test): Wed Oct 16 16:47:14 UTC 2019 on sn-devel-144

commit e7603aa87f0d7b5e7791e469104740bcaefbf759
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Wed Sep 4 16:39:43 2019 +0300

    selftest: add tests for no optimistic spnego exchange
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
    
    Signed-off-by: Isaac Boukris <iboukris at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 16b10d1a433936009e1c4d3f156f41e430479d26
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Wed Sep 4 16:31:21 2019 +0300

    spnego: add client option to omit sending an optimistic token
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
    
    Signed-off-by: Isaac Boukris <iboukris at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 6024163e177fd36fcd4270d439553e4410b1ae29
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Mon Sep 30 16:34:35 2019 +1000

    ctdb-vacuum: Process all records not deleted on a remote node
    
    This currently skips the last record.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14147
    RN: Avoid potential data loss during recovery after vacuuming error
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit 33f1c9d9654fbdcb99c23f9d23c4bbe2cc596b98)

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/spnego.c      | 24 ++++++++++++++++++++++++
 ctdb/server/ctdb_vacuum.c |  2 +-
 source4/selftest/tests.py |  4 ++++
 3 files changed, 29 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0b3fbdce7ac..5f78267281d 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -136,6 +136,7 @@ struct spnego_state {
 	bool done_mic_check;
 
 	bool simulate_w2k;
+	bool no_optimistic;
 
 	/*
 	 * The following is used to implement
@@ -187,6 +188,10 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi
 
 	spnego_state->simulate_w2k = gensec_setting_bool(gensec_security->settings,
 						"spnego", "simulate_w2k", false);
+	spnego_state->no_optimistic = gensec_setting_bool(gensec_security->settings,
+							  "spnego",
+							  "client_no_optimistic",
+							  false);
 
 	gensec_security->private_data = spnego_state;
 	return NT_STATUS_OK;
@@ -1295,6 +1300,10 @@ static NTSTATUS gensec_spnego_server_negTokenInit_step(
 			spnego_state->mic_requested = true;
 		}
 
+		if (sub_in.length == 0) {
+			spnego_state->no_optimistic = true;
+		}
+
 		/*
 		 * Note that 'cur_sec' is temporary memory, but
 		 * cur_sec->oid points to a const string in the
@@ -1923,6 +1932,21 @@ static void gensec_spnego_update_pre(struct tevent_req *req)
 		 * blob and NT_STATUS_OK.
 		 */
 		state->sub.status = NT_STATUS_OK;
+	} else if (spnego_state->state_position == SPNEGO_CLIENT_START &&
+		   spnego_state->no_optimistic) {
+		/*
+		 * Skip optimistic token per conf.
+		 */
+		state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+	} else if (spnego_state->state_position == SPNEGO_SERVER_START &&
+		   state->sub.in.length == 0 && spnego_state->no_optimistic) {
+		/*
+		 * If we didn't like the mechanism for which the client sent us
+		 * an optimistic token, or if he didn't send any, don't call
+		 * the sub mechanism just yet.
+		 */
+		state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+		spnego_state->no_optimistic = false;
 	} else {
 		/*
 		 * MORE_PROCESSING_REQUIRED =>
diff --git a/ctdb/server/ctdb_vacuum.c b/ctdb/server/ctdb_vacuum.c
index 2194b7f4da7..fa43eaa8e67 100644
--- a/ctdb/server/ctdb_vacuum.c
+++ b/ctdb/server/ctdb_vacuum.c
@@ -814,7 +814,7 @@ static void ctdb_process_delete_list(struct ctdb_db_context *ctdb_db,
 		 */
 		records = (struct ctdb_marshall_buffer *)outdata.dptr;
 		rec = (struct ctdb_rec_data_old *)&records->data[0];
-		while (records->count-- > 1) {
+		while (records->count-- > 0) {
 			TDB_DATA reckey, recdata;
 			struct ctdb_ltdb_header *rechdr;
 			struct delete_record_data *dd;
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index aa54308c524..9c3c77f1c56 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -513,6 +513,10 @@ plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_sha
 plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=required', '-U%'], modname="samba4.smb.signing --signing=required anon")
 plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=no', '-U%'], modname="samba4.smb.signing --signing=no anon")
 
+# Test SPNEGO without issuing an optimistic token
+opt='--option=spnego:client_no_optimistic=yes'
+plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic")
+plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic")
 
 wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list