[cifs-protocol] RE: Other types of Kerberos messages on SamLogon
Generic
Andrew Bartlett
abartlet at samba.org
Mon Sep 22 21:01:58 GMT 2008
On Wed, 2008-09-17 at 14:02 -0700, Hongwei Sun wrote:
> Andrew,
>
> After running Samba RPC-PAC test, analyzing network trace and
> reviewing its source code, we think that we found the problem in the
> Sambatorture implementation. In the loop of setting message type
> from 0x00 to 0xFF, the test program sends the exactly same
> PAC_Validate buffer for each call. This can be observed from the
> network trace. Then we confirmed that in ndr_push_PAC_Validate(),
> which marshals the PAC_Validate structure, message type is always set
> to NETLOGON_GENERIC_KRB5_PAC_VALIDATE (0x3). That explains why
> Microsoft servers always return NT_STATUS_OK for all the calls in your
> test.
That makes much more sense.
> We also found that the other tests(wrong length, corrupted data, bad
> signature etc) performed by Smbtorture failed as expected.
>
> Please let us know if what we found is correct.
Thank-you very much for your analysis, particularly the level to which
you were willing to dig into this. I'll fix the test to avoid the
pointless looping :-)
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080922/9df667cb/attachment.bin
More information about the cifs-protocol
mailing list