Patch: Fix big 11592

Jeremy Allison jra at samba.org
Wed Nov 11 21:38:46 UTC 2015


On Wed, Nov 11, 2015 at 07:10:12AM -0800, Richard Sharpe wrote:
> On Tue, Nov 10, 2015 at 10:54 PM, Michael Adam <obnox at samba.org> wrote:
> > ENOPATCH
> 
> Arrrgh ...
> 
> > On 2015-11-10 at 20:56 -0800, Richard Sharpe wrote:
> >> Hi folks,
> >>
> >> A potential fix for 11592. (https://bugzilla.samba.org/show_bug.cgi?id=11592)
> >>
> >> We need to return any tokens that gss_accept_sec_token returns even if
> >> it returned an error.
> >>
> >> This is one way to do that.
> >>
> >> Comments.

LGTM - pushed. Please also send the additional
patch Andrew asked for and I'll review that too !

Cheers,

Jeremy.




> From 903222ad7dc83918fd01119c7bd0ca2827ac9f73 Mon Sep 17 00:00:00 2001
> From: Richard Sharpe <rsharpe at samba.org>
> Date: Tue, 10 Nov 2015 20:50:18 -0800
> Subject: [PATCH] gss: Fix bug 11592.
> 
> As per Simo's comments in https://bugzilla.redhat.com/show_bug.cgi?id=1279249
> we need Samba to return the correct thing when gss_accept_sec_context returns
> a token along with an error.
> 
> Signed-off-by: Richard Sharpe <rsharpe at samba.org>
> ---
>  source3/librpc/crypto/gse.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
> index 33a32c3..9c4cce2 100644
> --- a/source3/librpc/crypto/gse.c
> +++ b/source3/librpc/crypto/gse.c
> @@ -475,8 +475,17 @@ static NTSTATUS gse_get_server_auth_token(TALLOC_CTX *mem_ctx,
>  						GSS_C_NO_BUFFER);
>  		}
>  
> -		status = NT_STATUS_LOGON_FAILURE;
> -		goto done;
> +		/*
> +		 * If we got an output token, make Windows aware of it
> +		 * by telling it that more processing is needed
> +		 */
> +		if (out_data.length > 0) {
> +			status = NT_STATUS_MORE_PROCESSING_REQUIRED;
> +			/* Fall through to handle the out token */
> +		} else {
> +			status = NT_STATUS_LOGON_FAILURE;
> +			goto done;
> +		}
>  	}
>  
>  	/* we may be told to return nothing */
> -- 
> 2.4.3
> 




More information about the samba-technical mailing list