[cifs-protocol] Protocol changes in KB2992611 [115012312316449]

Andrew Bartlett abartlet at samba.org
Mon Jan 26 15:12:32 MST 2015


On Mon, 2015-01-26 at 20:01 +0000, Obaid Farooqi wrote:
> Hi Andrew:
> This is kind of an open ended question.

I do realise that, but presumably there are some detailed notes that
backed up the KB as to what specifically was changed?  From the outside,
given the widespread impact, it looks like a swap out of the whole X.509
supporting stack for a newer version, where the new version checks more
error codes, but I'm hoping it was more limited than that. 

> Can you please let me know the specific scenario that is failing after the application of this kb with supporting network trace? I need that to repro the scenario, debug, file bug etc.

Samba AD DC from git master (all 4.x versions apparently impacted), join
Windows 8.1 with current updates (either the updated iso from 2014-12
as-is or with all updates) and open the 'credentials manager' from
control panel when logged in as the domain administrator.  It fails in
line with 
https://social.technet.microsoft.com/Forums/windows/en-US/47faab6b-d717-4068-bee4-c694811e0066/credential-manager-problems-error-0x80090345?forum=w8itpronetworking
https://groups.google.com/forum/#!topic/mailing.unix.samba/g1kctbsI5Ng

Presumably creating new users will allow the failure to be reproduced
without the whole re-join, but we worked from multiple VMs and snapshots
to keep it reproducible. 

I've also tried additionally with the patches from here, without
success: 
http://repo.or.cz/w/Samba/reqa.git/shortlog/refs/heads/BKRP
git://repo.or.cz/Samba/reqa.git BKRP

A genuinely unpatched Windows 8.1 works against Samba master. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-2012r2-from-join.pcapng
Type: application/x-pcapng
Size: 844848 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-samba4-BKRP-branch-from-boot.pcapng
Type: application/x-pcapng
Size: 1122916 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-creds-manager-against-samba4-master-from-boot.pcapng
Type: application/x-pcapng
Size: 1303788 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: windows8.1-unpatched-creds-manager-against-samba4-master-from-join.pcapng
Type: application/x-pcapng
Size: 1235384 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20150127/d6876aac/attachment-0007.bin>


More information about the cifs-protocol mailing list