The Samba-Bugzilla – Attachment 10363 Details for
Bug 10888
smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for master, 4.1.x, 4.2.x.
0001-s3-client-client-use-spnego-principal-yes-code-check.patch (text/plain), 2.88 KB, created by
Jeremy Allison
on 2014-10-21 17:10:51 UTC
(
hide
)
Description:
Patch for master, 4.1.x, 4.2.x.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2014-10-21 17:10:51 UTC
Size:
2.88 KB
patch
obsolete
>From 7768710f6e4eb72be2299ebec2bd1a45b9ed86a7 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 21 Oct 2014 10:02:17 -0700 >Subject: [PATCH] s3: client - "client use spnego principal = yes" code checks > wrong name. > >Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore" > >https://bugzilla.samba.org/show_bug.cgi?id=10888 > >Code patch from <martin.wilck@ts.fujitsu.com>, other updates >from Jeremy Allison <jra@samba.org>. > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml | 7 +++++++ > lib/param/param_table.c | 2 +- > source3/libsmb/cliconnect.c | 2 +- > 3 files changed, 9 insertions(+), 2 deletions(-) > >diff --git a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >index 6ec1eb1..fb2fd55 100644 >--- a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >+++ b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >@@ -14,6 +14,10 @@ > servers known only by IP address. Kerberos relies on names, so > ordinarily cannot function in this situation. </para> > >+ <para>This is a VERY BAD IDEA for security reasons, and so this >+ parameter SHOULD NOT BE USED. It will be removed in a future >+ version of Samba.</para> >+ > <para>If disabled, Samba will use the name used to look up the > server when asking the KDC for a ticket. This avoids situations > where a server may impersonate another, soliciting authentication >@@ -23,6 +27,9 @@ > <para>Note that Windows XP SP2 and later versions already follow > this behaviour, and Windows Vista and later servers no longer > supply this 'rfc4178 hint' principal on the server side.</para> >+ >+ <para>This parameter is deprecated in Samba 4.2.0 and will be removed >+ (along with the functionality) in a later release of Samba.</para> > </description> > <value type="default">no</value> > </samba:parameter> >diff --git a/lib/param/param_table.c b/lib/param/param_table.c >index 15ffa8c..8f7fe98 100644 >--- a/lib/param/param_table.c >+++ b/lib/param/param_table.c >@@ -761,7 +761,7 @@ struct parm_struct parm_table[] = { > .offset = GLOBAL_VAR(client_use_spnego_principal), > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED, >+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED, > }, > { > .label = "username", >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index 789a85d..a9e0cd0 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -1646,7 +1646,7 @@ static char *cli_session_setup_get_principal( > char *principal = NULL; > > if (!lp_client_use_spnego_principal() || >- strequal(principal, ADS_IGNORE_PRINCIPAL)) { >+ strequal(spnego_principal, ADS_IGNORE_PRINCIPAL)) { > spnego_principal = NULL; > } > if (spnego_principal != NULL) { >-- >2.1.0.rc2.206.gedb03e5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10363">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10888
:
10361
|
10363
|
10893
|
10915