Patch: Fix big 11592
Jeremy Allison
jra at samba.org
Wed Nov 11 21:38:46 UTC 2015
On Wed, Nov 11, 2015 at 07:10:12AM -0800, Richard Sharpe wrote:
> On Tue, Nov 10, 2015 at 10:54 PM, Michael Adam <obnox at samba.org> wrote:
> > ENOPATCH
>
> Arrrgh ...
>
> > On 2015-11-10 at 20:56 -0800, Richard Sharpe wrote:
> >> Hi folks,
> >>
> >> A potential fix for 11592. (https://bugzilla.samba.org/show_bug.cgi?id=11592)
> >>
> >> We need to return any tokens that gss_accept_sec_token returns even if
> >> it returned an error.
> >>
> >> This is one way to do that.
> >>
> >> Comments.
LGTM - pushed. Please also send the additional
patch Andrew asked for and I'll review that too !
Cheers,
Jeremy.
> From 903222ad7dc83918fd01119c7bd0ca2827ac9f73 Mon Sep 17 00:00:00 2001
> From: Richard Sharpe <rsharpe at samba.org>
> Date: Tue, 10 Nov 2015 20:50:18 -0800
> Subject: [PATCH] gss: Fix bug 11592.
>
> As per Simo's comments in https://bugzilla.redhat.com/show_bug.cgi?id=1279249
> we need Samba to return the correct thing when gss_accept_sec_context returns
> a token along with an error.
>
> Signed-off-by: Richard Sharpe <rsharpe at samba.org>
> ---
> source3/librpc/crypto/gse.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
> index 33a32c3..9c4cce2 100644
> --- a/source3/librpc/crypto/gse.c
> +++ b/source3/librpc/crypto/gse.c
> @@ -475,8 +475,17 @@ static NTSTATUS gse_get_server_auth_token(TALLOC_CTX *mem_ctx,
> GSS_C_NO_BUFFER);
> }
>
> - status = NT_STATUS_LOGON_FAILURE;
> - goto done;
> + /*
> + * If we got an output token, make Windows aware of it
> + * by telling it that more processing is needed
> + */
> + if (out_data.length > 0) {
> + status = NT_STATUS_MORE_PROCESSING_REQUIRED;
> + /* Fall through to handle the out token */
> + } else {
> + status = NT_STATUS_LOGON_FAILURE;
> + goto done;
> + }
> }
>
> /* we may be told to return nothing */
> --
> 2.4.3
>
More information about the samba-technical
mailing list