Some patches for import-lorikeet-heimdal branch

Isaac Boukris iboukris at
Thu Nov 8 22:56:05 UTC 2018

Hi Andrew,

On Sun, Nov 4, 2018 at 12:02 AM Isaac Boukris <iboukris at> wrote:
> On Fri, Nov 2, 2018 at 7:13 PM Andrew Bartlett <abartlet at> wrote:
> >
> > On Fri, 2018-11-02 at 14:13 +0100, Isaac Boukris via samba-technical
> > wrote:
> > > On Wed, Oct 31, 2018 at 10:17 PM Isaac Boukris <iboukris at> wrote:
> > > > I've made a patch for this, along with some other stuff I found on the
> > > > way. Please take a look at:
> > > >

I pushed one more commit and the count is down to 1436.
This patch is essentially a re-implementation of
978bc8681e74ffa17f96fd5d4355094c4a26691c (to send ETYPE_INFO2 on
PREAUTH_FAILED) that got overwritten by the upgrade merge.

I've made one change however, to not send ENC_TIMESTAMP and company
case but only ETYPE_INFO2 same as Windows.

I had to adjust the torture test for that, to only check for
ENC_TIMESTAMP in PREAUTH_REQUIRED but now I notice we don't set
'check_pa_data' in these cases at all, so it won't exercise. Is there
any special reason for not checking pa_data for PREAUTH_REQUIRED? This
below diff passes samba4.krb5.kdc test on master.

diff --git a/source4/torture/krb5/kdc-heimdal.c
index cc70c9eda67..a6e4caf239f 100644
--- a/source4/torture/krb5/kdc-heimdal.c
+++ b/source4/torture/krb5/kdc-heimdal.c
@@ -350,7 +350,7 @@ static bool torture_krb5_post_recv_test(struct
torture_krb5_context *test_contex
                        ok = torture_check_krb5_error(test_context,

-                                                     false);
+                                                     true);
                                       "torture_check_krb5_error failed");

More information about the samba-technical mailing list