The Samba-Bugzilla – Attachment 10915 Details for
Bug 10888
smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am cherry-pick from master for 4.2.next, 4.1.next.
bug-10888 (text/plain), 3.66 KB, created by
Jeremy Allison
on 2015-03-26 19:32:33 UTC
(
hide
)
Description:
git-am cherry-pick from master for 4.2.next, 4.1.next.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2015-03-26 19:32:33 UTC
Size:
3.66 KB
patch
obsolete
>From 04804cd2551f5be159bfac6716ea9b1f37a9c033 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 19 Mar 2015 13:09:21 -0700 >Subject: [PATCH 1/2] docs: Mark 'client use spnego principal' as deprecated > and also a bad idea. > >Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore" > >https://bugzilla.samba.org/show_bug.cgi?id=10888 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org> >(cherry picked from commit c9299bd6a4e86dbec10ab7741056f331a18c44a0) >--- > docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml | 7 +++++++ > lib/param/param_table.c | 2 +- > 2 files changed, 8 insertions(+), 1 deletion(-) > >diff --git a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >index 6ec1eb1..792a738 100644 >--- a/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >+++ b/docs-xml/smbdotconf/security/clientusepsnegoprincipal.xml >@@ -14,6 +14,10 @@ > servers known only by IP address. Kerberos relies on names, so > ordinarily cannot function in this situation. </para> > >+ <para>This is a VERY BAD IDEA for security reasons, and so this >+ parameter SHOULD NOT BE USED. It will be removed in a future >+ version of Samba.</para> >+ > <para>If disabled, Samba will use the name used to look up the > server when asking the KDC for a ticket. This avoids situations > where a server may impersonate another, soliciting authentication >@@ -23,6 +27,9 @@ > <para>Note that Windows XP SP2 and later versions already follow > this behaviour, and Windows Vista and later servers no longer > supply this 'rfc4178 hint' principal on the server side.</para> >+ >+ <para>This parameter is deprecated in Samba 4.2.1 and will be removed >+ (along with the functionality) in a later release of Samba.</para> > </description> > <value type="default">no</value> > </samba:parameter> >diff --git a/lib/param/param_table.c b/lib/param/param_table.c >index c57f783..1b9656b 100644 >--- a/lib/param/param_table.c >+++ b/lib/param/param_table.c >@@ -760,7 +760,7 @@ struct parm_struct parm_table[] = { > .offset = GLOBAL_VAR(client_use_spnego_principal), > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED, >+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED, > }, > { > .label = "username", >-- >2.2.0.rc0.207.ga3a616c > > >From af8ff495c3d57764542aaddd3af9eb159d23cc87 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 19 Mar 2015 13:10:33 -0700 >Subject: [PATCH 2/2] s3: client - "client use spnego principal = yes" code > checks wrong name. > >Bug 10888 - smbclient doesn't ignore "not_defined_in_RFC4178@please_ignore" > >https://bugzilla.samba.org/show_bug.cgi?id=10888 > >Code patch from <martin.wilck@ts.fujitsu.com> > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Thu Mar 26 00:56:25 CET 2015 on sn-devel-104 > >(cherry picked from commit e8932b92016fc7ece3169635fbe3d98cb0caa36b) >--- > source3/libsmb/cliconnect.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c >index 7292805..46d3da3 100644 >--- a/source3/libsmb/cliconnect.c >+++ b/source3/libsmb/cliconnect.c >@@ -1664,7 +1664,7 @@ static char *cli_session_setup_get_principal( > char *principal = NULL; > > if (!lp_client_use_spnego_principal() || >- strequal(principal, ADS_IGNORE_PRINCIPAL)) { >+ strequal(spnego_principal, ADS_IGNORE_PRINCIPAL)) { > spnego_principal = NULL; > } > if (spnego_principal != NULL) { >-- >2.2.0.rc0.207.ga3a616c >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10915">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10888
:
10361
|
10363
|
10893
| 10915