diff -Nru samba-3.5.4~dfsg/debian/changelog samba-3.5.4~dfsg/debian/changelog --- samba-3.5.4~dfsg/debian/changelog 2010-11-22 20:05:46.000000000 +0200 +++ samba-3.5.4~dfsg/debian/changelog 2010-12-17 15:43:34.000000000 +0200 @@ -1,3 +1,11 @@ +samba (2:3.5.4~dfsg-1ubuntu8.2) maverick-proposed; urgency=low + + * debian/patches/spnego-auth-win7.patch: SPNEGO auth fails when contacting Win7 + system using Microsoft Live Sign-in Assistant. (LP: #458637). Patch taken + from upstream (https://bugzilla.samba.org/show_bug.cgi?id=7577) + + -- PhobosK Fri, 17 Dec 2010 10:40:10 +0300 + samba (2:3.5.4~dfsg-1ubuntu8.1) maverick-proposed; urgency=low * debian/patches/fix-lpbug-393012.patch: gvfsd-smb (Gnome vfs) fails to copy diff -Nru samba-3.5.4~dfsg/debian/patches/series samba-3.5.4~dfsg/debian/patches/series --- samba-3.5.4~dfsg/debian/patches/series 2010-11-22 19:43:12.000000000 +0200 +++ samba-3.5.4~dfsg/debian/patches/series 2010-12-17 15:38:21.000000000 +0200 @@ -13,3 +13,4 @@ error-trans.fix-276472 security-CVE-2010-3069.patch fix-lpbug-393012.patch +spnego-auth-win7.patch diff -Nru samba-3.5.4~dfsg/debian/patches/spnego-auth-win7.patch samba-3.5.4~dfsg/debian/patches/spnego-auth-win7.patch --- samba-3.5.4~dfsg/debian/patches/spnego-auth-win7.patch 1970-01-01 02:00:00.000000000 +0200 +++ samba-3.5.4~dfsg/debian/patches/spnego-auth-win7.patch 2010-12-17 15:32:34.000000000 +0200 @@ -0,0 +1,78 @@ +diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c +index 264743b..36d21d0 100644 +--- a/source3/libsmb/clispnego.c ++++ b/source3/libsmb/clispnego.c +@@ -4,7 +4,7 @@ + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Jim McDonough 2002 + Copyright (C) Luke Howard 2003 +- ++ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or +@@ -146,9 +146,16 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob, + asn1_start_tag(data,ASN1_APPLICATION(0)); + + asn1_check_OID(data,OID_SPNEGO); ++ ++ /* negTokenInit [0] NegTokenInit */ + asn1_start_tag(data,ASN1_CONTEXT(0)); + asn1_start_tag(data,ASN1_SEQUENCE(0)); + ++ /* mechTypes [0] MechTypeList OPTIONAL */ ++ ++ /* Not really optional, we depend on this to decide ++ * what mechanisms we have to work with. */ ++ + asn1_start_tag(data,ASN1_CONTEXT(0)); + asn1_start_tag(data,ASN1_SEQUENCE(0)); + for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) { +@@ -161,11 +168,45 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob, + asn1_end_tag(data); + + *principal = NULL; +- if (asn1_tag_remaining(data) > 0) { ++ ++ /* ++ Win7 + Live Sign-in Assistant attaches a mechToken ++ ASN1_CONTEXT(2) to the negTokenInit packet ++ which breaks our negotiation if we just assume ++ the next tag is ASN1_CONTEXT(3). ++ */ ++ ++ if (asn1_peek_tag(data, ASN1_CONTEXT(1))) { ++ uint8 flags; ++ ++ /* reqFlags [1] ContextFlags OPTIONAL */ ++ asn1_start_tag(data, ASN1_CONTEXT(1)); ++ asn1_start_tag(data, ASN1_BIT_STRING); ++ while (asn1_tag_remaining(data) > 0) { ++ asn1_read_uint8(data, &flags); ++ } ++ asn1_end_tag(data); ++ asn1_end_tag(data); ++ } ++ ++ if (asn1_peek_tag(data, ASN1_CONTEXT(2))) { ++ /* mechToken [2] OCTET STRING OPTIONAL */ ++ DATA_BLOB token; ++ asn1_start_tag(data, ASN1_CONTEXT(2)); ++ asn1_read_OctetString(data, talloc_autofree_context(), ++ &token); ++ asn1_end_tag(data); ++ /* Throw away the token - not used. */ ++ data_blob_free(&token); ++ } ++ ++ if (asn1_peek_tag(data, ASN1_CONTEXT(3))) { ++ /* mechListMIC [3] OCTET STRING OPTIONAL */ + asn1_start_tag(data, ASN1_CONTEXT(3)); + asn1_start_tag(data, ASN1_SEQUENCE(0)); + asn1_start_tag(data, ASN1_CONTEXT(0)); +- asn1_read_GeneralString(data,talloc_autofree_context(),principal); ++ asn1_read_GeneralString(data,talloc_autofree_context(), ++ principal); + asn1_end_tag(data); + asn1_end_tag(data); + asn1_end_tag(data);