The Samba-Bugzilla – Attachment 1210 Details for
Bug 2693
Connecting to SMB share may not work with an alias name
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to add a global option "strict name checking"
samba-strict.patch (text/plain), 3.76 KB, created by
Markus Moeller
on 2005-05-09 06:52:36 UTC
(
hide
)
Description:
Patch to add a global option "strict name checking"
Filename:
MIME Type:
Creator:
Markus Moeller
Created:
2005-05-09 06:52:36 UTC
Size:
3.76 KB
patch
obsolete
>--- param/loadparm.c 2005-05-09 14:39:09.000000000 +0100 >+++ param/loadparm_new.c 2005-05-09 14:16:30.000000000 +0100 >@@ -302,6 +302,7 @@ > BOOL bDisableNetbios; > BOOL bKernelChangeNotify; > BOOL bUseKerberosKeytab; >+ BOOL bStrictNameChecking; > BOOL bDeferSharingViolations; > BOOL bEnablePrivileges; > int restrict_anonymous; >@@ -892,6 +893,7 @@ > {"deny hosts", P_LIST, P_LOCAL, &sDefault.szHostsdeny, NULL, NULL, FLAG_HIDE}, > {"preload modules", P_LIST, P_GLOBAL, &Globals.szPreloadModules, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL}, > {"use kerberos keytab", P_BOOL, P_GLOBAL, &Globals.bUseKerberosKeytab, NULL, NULL, FLAG_ADVANCED}, >+ {"strict name checking", P_BOOL, P_GLOBAL, &Globals.bStrictNameChecking, NULL, NULL, FLAG_ADVANCED}, > > {N_("Logging Options"), P_SEP, P_SEPARATOR}, > >@@ -1591,6 +1593,8 @@ > Globals.bEnablePrivileges = False; > > Globals.szServicesList = str_list_make( "Spooler NETLOGON", NULL ); >+ >+ Globals.bStrictNameChecking = True; > } > > static TALLOC_CTX *lp_talloc; >@@ -1839,6 +1843,7 @@ > FN_GLOBAL_BOOL(lp_hostname_lookups, &Globals.bHostnameLookups) > FN_GLOBAL_BOOL(lp_kernel_change_notify, &Globals.bKernelChangeNotify) > FN_GLOBAL_BOOL(lp_use_kerberos_keytab, &Globals.bUseKerberosKeytab) >+FN_GLOBAL_BOOL(lp_strict_name_checking, &Globals.bStrictNameChecking) > FN_GLOBAL_BOOL(lp_defer_sharing_violations, &Globals.bDeferSharingViolations) > FN_GLOBAL_BOOL(lp_enable_privileges, &Globals.bEnablePrivileges) > FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level) >--- libads/kerberos_verify.c 2005-05-09 14:40:44.000000000 +0100 >+++ libads/kerberos_verify_new.c 2005-05-09 14:27:11.000000000 +0100 >@@ -45,6 +45,7 @@ > krb5_kt_cursor kt_cursor; > krb5_keytab_entry kt_entry; > char *valid_princ_formats[7] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL }; >+ char *valid_service_formats[2] = { "host", "cifs" }; > char *entry_princ_s = NULL; > fstring my_name, my_fqdn; > int i; >@@ -94,7 +95,7 @@ > DEBUG(1, ("ads_keytab_verify_ticket: krb5_unparse_name failed (%s)\n", error_message(ret))); > goto out; > } >- >+ if (lp_strict_name_checking()) { > for (i = 0; i < sizeof(valid_princ_formats) / sizeof(valid_princ_formats[0]); i++) { > if (strequal(entry_princ_s, valid_princ_formats[i])) { > number_matched_principals++; >@@ -113,6 +114,26 @@ > } > } > } >+ } else { >+ for (i = 0; i < sizeof(valid_service_formats) / sizeof(valid_service_formats[0]); i++) { >+ if (strnequal(entry_princ_s, valid_service_formats[i], strlen(valid_service_formats[i]))) { >+ number_matched_principals++; >+ p_packet->length = ticket->length; >+ p_packet->data = (krb5_pointer)ticket->data; >+ *pp_tkt = NULL; >+ ret = krb5_rd_req(context, &auth_context, p_packet, kt_entry.principal, keytab, NULL, pp_tkt); >+ if (ret) { >+ DEBUG(10, ("ads_keytab_verify_ticket: krb5_rd_req(%s) failed: %s\n", >+ entry_princ_s, error_message(ret))); >+ } else { >+ DEBUG(3,("ads_keytab_verify_ticket: krb5_rd_req succeeded for principal %s\n", >+ entry_princ_s)); >+ auth_ok = True; >+ break; >+ } >+ } >+ } >+ } > > /* Free the name we parsed. */ > krb5_free_unparsed_name(context, entry_princ_s);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1210">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2693
: 1210