Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 289788 Details for
Bug 425996
Some minor Kerberos related Windows Vista fixes
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Kerberos related patches for Windows Vista
samba-3.0.28-vista-fixes.patch (text/plain), 6.52 KB, created by
Simo Sorce
on 2007-12-17 17:16:43 UTC
(
hide
)
Description:
Kerberos related patches for Windows Vista
Filename:
MIME Type:
Creator:
Simo Sorce
Created:
2007-12-17 17:16:43 UTC
Size:
6.52 KB
patch
obsolete
>diff -upr samba-3.0.28.orig/source/configure.in samba-3.0.28/source/configure.in >--- samba-3.0.28.orig/source/configure.in 2007-11-20 22:58:01.000000000 -0500 >+++ samba-3.0.28/source/configure.in 2007-12-17 10:33:08.000000000 -0500 >@@ -3944,6 +3944,30 @@ if test x"$with_ads_support" != x"no"; t > fi > > >+ AC_CACHE_CHECK([for krb5_principal_get_realm], >+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM,[ >+ AC_TRY_LINK([#include <krb5.h>], >+ [krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_principal_get_realm(ctx, princ);], >+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=yes, >+ samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM=no)]) >+ >+ if test x"$samba_cv_HAVE_KRB5_PRINCIPAL_GET_REALM" = x"yes"; then >+ AC_DEFINE(HAVE_KRB5_PRINCIPAL_GET_REALM,1, >+ [Whether the function krb5_principal_get_realm is defined]) >+ fi >+ >+ AC_CACHE_CHECK([for krb5_princ_realm], >+ samba_cv_HAVE_KRB5_PRINC_REALM,[ >+ AC_TRY_LINK([#include <krb5.h>], >+ [krb5_context ctx = NULL; krb5_principal princ = NULL; const char *str = krb5_princ_realm(ctx, princ)->data;], >+ samba_cv_HAVE_KRB5_PRINC_REALM=yes, >+ samba_cv_HAVE_KRB5_PRINC_REALM=no)]) >+ >+ if test x"$samba_cv_HAVE_KRB5_PRINC_REALM" = x"yes"; then >+ AC_DEFINE(HAVE_KRB5_PRINC_REALM,1, >+ [Whether the macro krb5_princ_realm is defined]) >+ fi >+ > # > # > # Now the decisions whether we can support krb5 >diff -upr samba-3.0.28.orig/source/libads/kerberos.c samba-3.0.28/source/libads/kerberos.c >--- samba-3.0.28.orig/source/libads/kerberos.c 2007-11-14 22:15:03.000000000 -0500 >+++ samba-3.0.28/source/libads/kerberos.c 2007-12-17 10:33:55.000000000 -0500 >@@ -362,6 +362,58 @@ char* kerberos_secrets_fetch_des_salt( v > return salt; > } > >+/************************************************************************ >+ Routine to get the default realm from the kerberos credentials cache. >+ Caller must free if the return value is not NULL. >+************************************************************************/ >+ >+char *kerberos_get_default_realm_from_ccache( void ) >+{ >+ char *realm = NULL; >+ krb5_context ctx = NULL; >+ krb5_ccache cc = NULL; >+ krb5_principal princ = NULL; >+ >+ initialize_krb5_error_table(); >+ if (krb5_init_context(&ctx)) { >+ return NULL; >+ } >+ >+ DEBUG(5,("kerberos_get_default_realm_from_ccache: " >+ "Trying to read krb5 cache: %s\n", >+ krb5_cc_default_name(ctx))); >+ if (krb5_cc_default(ctx, &cc)) { >+ DEBUG(0,("kerberos_get_default_realm_from_ccache: " >+ "failed to read default cache\n")); >+ goto out; >+ } >+ if (krb5_cc_get_principal(ctx, cc, &princ)) { >+ DEBUG(0,("kerberos_get_default_realm_from_ccache: " >+ "failed to get default principal\n")); >+ goto out; >+ } >+ >+#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM) >+ realm = SMB_STRDUP(krb5_principal_get_realm(ctx, princ)); >+#elif defined(HAVE_KRB5_PRINC_REALM) >+ realm = SMB_STRDUP(krb5_princ_realm(ctx, princ)->data); >+#endif >+ >+ out: >+ >+ if (princ) { >+ krb5_free_principal(ctx, princ); >+ } >+ if (cc) { >+ krb5_cc_close(ctx, cc); >+ } >+ if (ctx) { >+ krb5_free_context(ctx); >+ } >+ >+ return realm; >+} >+ > > /************************************************************************ > Routine to get the salting principal for this service. This is >diff -upr samba-3.0.28.orig/source/libsmb/cliconnect.c samba-3.0.28/source/libsmb/cliconnect.c >--- samba-3.0.28.orig/source/libsmb/cliconnect.c 2007-11-14 22:15:03.000000000 -0500 >+++ samba-3.0.28/source/libsmb/cliconnect.c 2007-12-17 10:33:08.000000000 -0500 >@@ -40,6 +40,8 @@ static const struct { > {-1,NULL} > }; > >+static const char *star_smbserver_name = "*SMBSERVER"; >+ > /** > * Set the user session key for a connection > * @param cli The cli structure to add it too >@@ -861,10 +863,41 @@ ADS_STATUS cli_session_setup_spnego(stru > } > } > >- rc = cli_session_setup_kerberos(cli, principal, domain); >- if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) { >+ /* If we get a bad principal, try to guess it if >+ we have a valid host NetBIOS name. >+ */ >+ if (strequal(principal, >+ "not_defined_in_RFC4178@please_ignore")) { > SAFE_FREE(principal); >- return rc; >+ } >+ if (principal == NULL && >+ !is_ipaddress(cli->desthost) && >+ !strequal(star_smbserver_name, >+ cli->desthost)) { >+ char *realm = NULL; >+ DEBUG(3,("cli_session_setup_spnego: got a " >+ "bad server principal, trying to guess ...\n")); >+ >+ realm = kerberos_get_default_realm_from_ccache(); >+ if (realm && *realm) { >+ if (asprintf(&principal, "%s$@%s", >+ cli->desthost, realm) < 0) { >+ SAFE_FREE(realm); >+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); >+ } >+ DEBUG(3,("cli_session_setup_spnego: guessed " >+ "server principal=%s\n", >+ principal ? principal : "<null>")); >+ } >+ SAFE_FREE(realm); >+ } >+ >+ if (principal) { >+ rc = cli_session_setup_kerberos(cli, principal, domain); >+ if (ADS_ERR_OK(rc) || !cli->fallback_after_kerberos) { >+ SAFE_FREE(principal); >+ return rc; >+ } > } > } > #endif >@@ -1412,7 +1445,7 @@ NTSTATUS cli_connect(struct cli_state *c > char *p; > > /* reasonable default hostname */ >- if (!host) host = "*SMBSERVER"; >+ if (!host) host = star_smbserver_name; > > fstrcpy(cli->desthost, host); > >@@ -1527,8 +1560,8 @@ again: > *p = 0; > goto again; > } >- if (strcmp(called.name, "*SMBSERVER")) { >- make_nmb_name(&called , "*SMBSERVER", 0x20); >+ if (strcmp(called.name, star_smbserver_name)) { >+ make_nmb_name(&called , star_smbserver_name, 0x20); > goto again; > } > return NT_STATUS_BAD_NETWORK_NAME; >@@ -1652,7 +1685,7 @@ BOOL attempt_netbios_session_request(str > */ > > if(is_ipaddress(desthost)) { >- make_nmb_name(&called, "*SMBSERVER", 0x20); >+ make_nmb_name(&called, star_smbserver_name, 0x20); > } else { > make_nmb_name(&called, desthost, 0x20); > } >@@ -1661,7 +1694,7 @@ BOOL attempt_netbios_session_request(str > NTSTATUS status; > struct nmb_name smbservername; > >- make_nmb_name(&smbservername , "*SMBSERVER", 0x20); >+ make_nmb_name(&smbservername, star_smbserver_name, 0x20); > > /* > * If the name wasn't *SMBSERVER then >diff -upr samba-3.0.28.orig/source/libsmb/clikrb5.c samba-3.0.28/source/libsmb/clikrb5.c >--- samba-3.0.28.orig/source/libsmb/clikrb5.c 2007-11-14 22:15:03.000000000 -0500 >+++ samba-3.0.28/source/libsmb/clikrb5.c 2007-12-17 10:34:15.000000000 -0500 >@@ -363,9 +363,9 @@ BOOL unwrap_pac(TALLOC_CTX *mem_ctx, DAT > /* check if it is a PAC */ > got_auth_data_pac = unwrap_pac(mem_ctx, &auth_data_wrapped, auth_data); > data_blob_free(&auth_data_wrapped); >- >- if (!got_auth_data_pac) { >- continue; >+ >+ if (got_auth_data_pac) { >+ return true; > } > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=289788">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 425996
:
289788
|
289812