[SCM] Samba Shared Repository - branch v4-9-test updated
Karolin Seeger
kseeger at samba.org
Wed Oct 16 16:48:03 UTC 2019
The branch, v4-9-test has been updated
via a5ffe3982cc spnego: fix server handling of no optimistic exchange
via e7603aa87f0 selftest: add tests for no optimistic spnego exchange
via 16b10d1a433 spnego: add client option to omit sending an optimistic token
via 6024163e177 ctdb-vacuum: Process all records not deleted on a remote node
from c788ff56bae fault.c: improve fault_report message text pointing to our wiki
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test
- Log -----------------------------------------------------------------
commit a5ffe3982cc255fd23f6be8e447499c5f614a7f1
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 4 17:04:12 2019 +0300
spnego: fix server handling of no optimistic exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Oct 16 16:47:14 UTC 2019 on sn-devel-144
commit e7603aa87f0d7b5e7791e469104740bcaefbf759
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 4 16:39:43 2019 +0300
selftest: add tests for no optimistic spnego exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 16b10d1a433936009e1c4d3f156f41e430479d26
Author: Isaac Boukris <iboukris at gmail.com>
Date: Wed Sep 4 16:31:21 2019 +0300
spnego: add client option to omit sending an optimistic token
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106
Signed-off-by: Isaac Boukris <iboukris at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 6024163e177fd36fcd4270d439553e4410b1ae29
Author: Amitay Isaacs <amitay at gmail.com>
Date: Mon Sep 30 16:34:35 2019 +1000
ctdb-vacuum: Process all records not deleted on a remote node
This currently skips the last record.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14147
RN: Avoid potential data loss during recovery after vacuuming error
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 33f1c9d9654fbdcb99c23f9d23c4bbe2cc596b98)
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/spnego.c | 24 ++++++++++++++++++++++++
ctdb/server/ctdb_vacuum.c | 2 +-
source4/selftest/tests.py | 4 ++++
3 files changed, 29 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 0b3fbdce7ac..5f78267281d 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -136,6 +136,7 @@ struct spnego_state {
bool done_mic_check;
bool simulate_w2k;
+ bool no_optimistic;
/*
* The following is used to implement
@@ -187,6 +188,10 @@ static NTSTATUS gensec_spnego_client_start(struct gensec_security *gensec_securi
spnego_state->simulate_w2k = gensec_setting_bool(gensec_security->settings,
"spnego", "simulate_w2k", false);
+ spnego_state->no_optimistic = gensec_setting_bool(gensec_security->settings,
+ "spnego",
+ "client_no_optimistic",
+ false);
gensec_security->private_data = spnego_state;
return NT_STATUS_OK;
@@ -1295,6 +1300,10 @@ static NTSTATUS gensec_spnego_server_negTokenInit_step(
spnego_state->mic_requested = true;
}
+ if (sub_in.length == 0) {
+ spnego_state->no_optimistic = true;
+ }
+
/*
* Note that 'cur_sec' is temporary memory, but
* cur_sec->oid points to a const string in the
@@ -1923,6 +1932,21 @@ static void gensec_spnego_update_pre(struct tevent_req *req)
* blob and NT_STATUS_OK.
*/
state->sub.status = NT_STATUS_OK;
+ } else if (spnego_state->state_position == SPNEGO_CLIENT_START &&
+ spnego_state->no_optimistic) {
+ /*
+ * Skip optimistic token per conf.
+ */
+ state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ } else if (spnego_state->state_position == SPNEGO_SERVER_START &&
+ state->sub.in.length == 0 && spnego_state->no_optimistic) {
+ /*
+ * If we didn't like the mechanism for which the client sent us
+ * an optimistic token, or if he didn't send any, don't call
+ * the sub mechanism just yet.
+ */
+ state->sub.status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ spnego_state->no_optimistic = false;
} else {
/*
* MORE_PROCESSING_REQUIRED =>
diff --git a/ctdb/server/ctdb_vacuum.c b/ctdb/server/ctdb_vacuum.c
index 2194b7f4da7..fa43eaa8e67 100644
--- a/ctdb/server/ctdb_vacuum.c
+++ b/ctdb/server/ctdb_vacuum.c
@@ -814,7 +814,7 @@ static void ctdb_process_delete_list(struct ctdb_db_context *ctdb_db,
*/
records = (struct ctdb_marshall_buffer *)outdata.dptr;
rec = (struct ctdb_rec_data_old *)&records->data[0];
- while (records->count-- > 1) {
+ while (records->count-- > 0) {
TDB_DATA reckey, recdata;
struct ctdb_ltdb_header *rechdr;
struct delete_record_data *dd;
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index aa54308c524..9c3c77f1c56 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -513,6 +513,10 @@ plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_sha
plansmbtorture4testsuite('base.xcopy', "ad_dc_ntvfs", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=required', '-U%'], modname="samba4.smb.signing --signing=required anon")
plansmbtorture4testsuite('base.xcopy', "s4member", ['//$NETBIOSNAME/xcopy_share', '-k', 'no', '--signing=no', '-U%'], modname="samba4.smb.signing --signing=no anon")
+# Test SPNEGO without issuing an optimistic token
+opt='--option=spnego:client_no_optimistic=yes'
+plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'no'], modname="samba4.smb.spnego.ntlmssp.no_optimistic")
+plansmbtorture4testsuite('base.xcopy', "ad_dc", ['//$NETBIOSNAME/xcopy_share', '-U$USERNAME%$PASSWORD', opt, '-k', 'yes'], modname="samba4.smb.spnego.krb5.no_optimistic")
wb_opts_default = ["--option=\"torture:strict mode=no\"", "--option=\"torture:timelimit=1\"", "--option=\"torture:winbindd_separator=/\"", "--option=\"torture:winbindd_netbios_name=$SERVER\"", "--option=\"torture:winbindd_netbios_domain=$DOMAIN\""]
--
Samba Shared Repository
More information about the samba-cvs
mailing list