/[smeserver]/rpms/samba/sme10/samba-4.2.10-ldap-sasl-win2003.patch
ViewVC logotype

Annotation of /rpms/samba/sme10/samba-4.2.10-ldap-sasl-win2003.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Wed Oct 5 16:49:56 2016 UTC (8 years, 1 month ago) by vip-ire
Branch: MAIN
CVS Tags: samba-4_2_10-7_1_el7_sme
Update upstream patches for 4.2.10

1 vip-ire 1.1 From 7a73e56dfa2ca8569ffdda0b9738516081889523 Mon Sep 17 00:00:00 2001
2     From: Stefan Metzmacher <metze@samba.org>
3     Date: Fri, 8 Apr 2016 10:05:38 +0200
4     Subject: [PATCH] s3:libads: sasl wrapped LDAP connections against with
5     kerberos and arcfour-hmac-md5
6    
7     This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
8     (s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
9     that prevents things like 'net ads join' from working against a Windows 2003 domain.
10    
11     BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804
12    
13     Signed-off-by: Stefan Metzmacher <metze@samba.org>
14     ---
15     source3/libads/sasl.c | 8 +++++++-
16     1 file changed, 7 insertions(+), 1 deletion(-)
17    
18     diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
19     index 4fcd733..22aa9cf 100644
20     --- a/source3/libads/sasl.c
21     +++ b/source3/libads/sasl.c
22     @@ -312,7 +312,13 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
23     ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
24    
25     ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;
26     - ads->ldap.in.min_wrapped = ads->ldap.out.sig_size;
27     + /*
28     + * Note that we have to truncate this to 0x2C
29     + * (taken from a capture with LDAP unbind), as the
30     + * signature size is not constant for Kerberos with
31     + * arcfour-hmac-md5.
32     + */
33     + ads->ldap.in.min_wrapped = MIN(ads->ldap.out.sig_size, 0x2C);
34     ads->ldap.in.max_wrapped = max_wrapped;
35     status = ads_setup_sasl_wrapping(ads, &ads_sasl_gensec_ops, auth_generic_state->gensec_security);
36     if (!ADS_ERR_OK(status)) {
37     --
38     1.9.1
39    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed