Backporting DCERPC Security Context Multiplexing?

Andrew Bartlett abartlet at samba.org
Sat Jan 19 20:55:47 UTC 2019


On Thu, 2019-01-17 at 10:05 -0800, Jeremy Allison via samba-technical
wrote:
> On Thu, Jan 17, 2019 at 05:09:28PM +0100, Stefan Metzmacher wrote:
> > 
> > Hi,
> > 
> > > 
> > > > 
> > > > Here's what I'm going with. No real changes, just the
> > > > comments/commit massage updates and talloc -> talloc_zero
> > > > change.
> > > > 
> > > > RB+.
> > > > 
> > > > Phew. That was a marathon review session :-).
> > As these patches would like fix real world problems, see:
> > 
> > https://bugzilla.samba.org/show_bug.cgi?id=7113
> > https://bugzilla.samba.org/show_bug.cgi?id=11892
> > 
> > I'm wondering if we should backport them to current releases?
> > We could also turn the feature off in order to keep the old
> > behavior.
> > 
> > The patchset has a lot of patches, but the changes are very
> > isolated
> > in the core s4:rpc_server and we have an it's tested a lot in
> > raw_protocol.py. I have a 4.9 backport here:
> > 
> > https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/head
> > s/v4-9-dcerpc-auth
> > 
> > And a pipeline is running here:
> > https://gitlab.com/samba-team/devel/samba/pipelines/43756435
> > 
> > What do you think?
> If you're willing to do the back-port work,
> the least I can do is to re-review the
> patches :-).

I've been bitten too much with feature backports as bug-fixes, I really
think we can wait until 4.10 for this.

I agree there are very real-world issues (I had clients come to me
looking to fix it) but the scale of the fix required was even greater
than I imagined.  

Metze, 

Thank you so much for doing this work, it is really appreciated, I just
think the best way to ensure our users get to use it is to try not
avoid brown paper bags with the 4.10 release.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba-technical mailing list