[PATCH] Implement GSE as a gensec module for GSSAPI in s3
Stefan (metze) Metzmacher
metze at samba.org
Fri Jan 6 07:07:38 MST 2012
Am 06.01.2012 14:51, schrieb simo:
> On Fri, 2012-01-06 at 15:58 +1100, Andrew Bartlett wrote:
>> On Thu, 2012-01-05 at 07:40 +1100, Andrew Bartlett wrote:
>>> On Wed, 2012-01-04 at 12:11 +0100, Stefan (metze) Metzmacher wrote:
>>>> Hi Andrew,
>>>>
>>>>> It now passes make test. I had to unify the principal selection logic
>>>>> between the gse code and the session setup code to avoid MIT-kerberos
>>>>> generated DNS lookups in make test:
>>>>>
>>>>> http://git.samba.org/?p=abartlet/samba.git/.git;a=commitdiff;h=23ad69757911f2af86558c5752420e9e70228160
>>>>>
>>>>> A similar change needs to be made to the smb seal client, and a ktest
>>>>> similar to the rpcclient test needs to be added.
>>>>>
>>>>> So, after a long gestation, finally I think this is ready to be
>>>>> submitted to autobuild!
>>>>
>>>> I'll take a look at it and may push it, ok?
>>>
>>> Thanks metze!
>>
>> Thanks for pushing the parts you had, and for finding the MIT krb5
>> gss_wrap_iov bug!
>>
>> To try and help, I've updated my branch, dropping the untested patch for
>> the smb2 torture test and rebasing on top of your reindent work:
>>
>> https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-rpc-gensec
>>
>> I also put my full branch s3-rpc-gensec-wip past an autobuild, and it
>> passes:
>>
>> https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-rpc-gensec-wip
>>
>> Let me know if there is anything more I can do to help,
>
> Does the autobuild test both with heimdal and MIT kerberos ?
Yes, with heimdal in the top-level waf build and with MIT 1.8.1
in the source3 autoconf build.
That way I found the bug in MIT 1.8.1, see
https://gitweb.samba.org/?p=samba.git;a=commitdiff;h=73ed88df350c0e307fcf7402be12170c22f2227e
Just for the record I'll push Andrew's code step by step.
I maintain a branch with comments some comments in the commit messages here:
https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-abartlet
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120106/7b077e70/attachment.pgp>
More information about the samba-technical
mailing list