Some patches for import-lorikeet-heimdal branch

Isaac Boukris iboukris at gmail.com
Thu Nov 8 22:56:05 UTC 2018


Hi Andrew,

On Sun, Nov 4, 2018 at 12:02 AM Isaac Boukris <iboukris at gmail.com> wrote:
>
> On Fri, Nov 2, 2018 at 7:13 PM Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > On Fri, 2018-11-02 at 14:13 +0100, Isaac Boukris via samba-technical
> > wrote:
> > > On Wed, Oct 31, 2018 at 10:17 PM Isaac Boukris <iboukris at gmail.com> wrote:
> > > > I've made a patch for this, along with some other stuff I found on the
> > > > way. Please take a look at:
> > > > https://gitlab.com/samba-team/devel/samba/commits/iboukris_lorikeet_import_round_one

I pushed one more commit and the count is down to 1436.
This patch is essentially a re-implementation of
978bc8681e74ffa17f96fd5d4355094c4a26691c (to send ETYPE_INFO2 on
PREAUTH_FAILED) that got overwritten by the upgrade merge.

I've made one change however, to not send ENC_TIMESTAMP and company
case but only ETYPE_INFO2 same as Windows.

I had to adjust the torture test for that, to only check for
ENC_TIMESTAMP in PREAUTH_REQUIRED but now I notice we don't set
'check_pa_data' in these cases at all, so it won't exercise. Is there
any special reason for not checking pa_data for PREAUTH_REQUIRED? This
below diff passes samba4.krb5.kdc test on master.

diff --git a/source4/torture/krb5/kdc-heimdal.c
b/source4/torture/krb5/kdc-heimdal.c
index cc70c9eda67..a6e4caf239f 100644
--- a/source4/torture/krb5/kdc-heimdal.c
+++ b/source4/torture/krb5/kdc-heimdal.c
@@ -350,7 +350,7 @@ static bool torture_krb5_post_recv_test(struct
torture_krb5_context *test_contex
                        ok = torture_check_krb5_error(test_context,
                                                      recv_buf,

KRB5KDC_ERR_PREAUTH_REQUIRED,
-                                                     false);
+                                                     true);
                        torture_assert(test_context->tctx,
                                       ok,
                                       "torture_check_krb5_error failed");



More information about the samba-technical mailing list