Patch for fixing problem when users have a valid ticket and the server changes its password

Matthieu Patou mat at samba.org
Mon May 24 22:57:26 MDT 2010



"Andrew Bartlett" <abartlet at samba.org> wrote:

>On Tue, 2010-05-25 at 02:02 +0400, Matthieu Patou wrote:
>> Hello,
>> On 22/05/2010 09:03, Matthieu Patou wrote:
>> > On 21/05/2010 18:24, John H Terpstra wrote:
>> >> On 05/21/2010 09:11 AM, Matthieu Patou wrote:
>> >>> Hello,
>> >>>
>> >>> Find attach a patch proposal for bug 7099.
>> >>>
>> >>> My patch stores a copy of the previous password on password change and
>> >>> tries this password for validating tickets presented by the user to the
>> >>> server.
>> >>>
>> >>> This should hopefully solve the bug that when the password of a samba 3
>> >>> server is changed: for all tickets that are still valid for the
>> >>> server's
>> >>> principals but emitted before the server has changed its password, the
>> >>> server is no longer able to validate them (as it doesn't have the
>> >>> previous password).
>> >>>
>> >>> I also attached a backport for samba3.5.x (I applied it to 3.5.3 and
>> >>> 3.5.2 and compiled it on 3.5.2).
>> >>>
>> >>> Cheers.
>> >>>
>> >>> Matthieu.
>> >>>
>> >> Matthieu,
>> >>
>> >> Thank you for fixing that bug. Much appreciated.
>> >>
>> > John, just be aware that I didn't test it thoroughly with real
>> > Windows workstations. It just doesn't show the problem when using smbclient
>> > and forcing the password change with net changetrustpw. So for your
>> > clusters it's worth waiting a little bit still.
>> >
>> Now I tested it and I had to change the patch a little bit.
>> Here is the updated version.
>
>This looks good.  I hope to rework this properly some day to use
>exclusively the keytab approach (so we don't waste CPU re-salting the
>machine password), but this fixes the issue without a big change in the
>structure.
>
>The main concern I have is that by changing from one 'for' loop to two
>different for loops, the meaning of 'break' has changed.  Some of
>the error conditions should cause a retry with a different enc type,
>while others are fatal.  As far as I can tell, you only have an early
>exit for success.

Uh, right! I guess I can refactor to add a boolean and use it to recreate the early exit in the different error cases (where there is a break).
>Andrew Bartlett
>
>-- 
>Andrew Bartlett                                http://samba.org/~abartlet/
>Authentication Developer, Samba Team           http://samba.org
>Samba Developer, Cisco Inc.
>

Samba team.   http://samba.org
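As an added illustration (not Matthieu's patch and not Samba's code), a small Python model of the approach discussed in this thread: the server keeps its previous machine password and tries both, across enc types, when validating a ticket, and a fatal result leaves both loops rather than only the inner one as a bare `break` would. Key derivation, the salt and the ticket format are constructed stand-ins, not Kerberos.

```python
import hashlib
import hmac
from enum import Enum

ENC_TYPES = ("aes256-cts", "aes128-cts", "arcfour-hmac")  # tried in this order


class Verdict(Enum):
    OK = "ok"          # ticket verified with this key
    RETRY = "retry"    # wrong key: try the next enc type or the previous password
    FATAL = "fatal"    # malformed ticket: no other key will help, stop at once
    NO_KEY = "no_key"  # every password/enc-type combination failed


def derive_key(password: str, enc_type: str, salt: str) -> bytes:
    # Stand-in for Kerberos string-to-key: this is the "re-salting" cost Andrew
    # mentions, paid once per password and enc type on every validation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               (salt + enc_type).encode(), 1000)


def make_ticket(password: str, enc_type: str, salt: str, body: bytes) -> dict:
    # Constructed "ticket": a body plus a MAC under the service key, standing in
    # for the KDC encrypting the ticket to the server's long-term key.
    key = derive_key(password, enc_type, salt)
    return {"body": body, "mac": hmac.new(key, body, "sha256").digest()}


def try_key(ticket: dict, key: bytes) -> Verdict:
    if not isinstance(ticket.get("body"), bytes) or \
            not isinstance(ticket.get("mac"), bytes):
        return Verdict.FATAL
    expected = hmac.new(key, ticket["body"], "sha256").digest()
    return Verdict.OK if hmac.compare_digest(expected, ticket["mac"]) else Verdict.RETRY


def validate_ticket(ticket: dict, passwords: list, salt: str) -> tuple:
    """passwords[0] is the current machine password, passwords[1] the stored
    previous one.  Returns (verdict, index of the password that worked or None).
    A FATAL result returns from both loops; a bare 'break' would only leave
    the inner one and silently move on to the next password."""
    for idx, password in enumerate(passwords):
        for enc_type in ENC_TYPES:
            verdict = try_key(ticket, derive_key(password, enc_type, salt))
            if verdict is Verdict.OK:
                return verdict, idx
            if verdict is Verdict.FATAL:
                return verdict, None
    return Verdict.NO_KEY, None
```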

