svn commit: samba r25227 - in branches/SAMBA_3_2/source/libsmb: .

metze at samba.org
Wed Sep 19 14:33:34 GMT 2007


Author: metze
Date: 2007-09-19 14:33:32 +0000 (Wed, 19 Sep 2007)
New Revision: 25227

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25227

Log:
Patch from "Steven Danneman" <steven.danneman at isilon.com>:

-
We ran across a bug joining our Samba server to a Win2K domain with LDAP
signing turned on.  Upon investigation I discovered that there is a bug
in Win2K server which returns a duplicated responseToken in the LDAP
bindResponse packet.  This blob is placed in the optional mechListMIC
field which is unsupported in both Win2K and Win2K3.  You can see RFC
2478 for the proper packet construction.  I've worked with metze on this
to confirm all these findings.

This patch properly parses then discards the mechListMIC field if it
exists in the packet, so we don't produce a malformed packet error,
causing LDAP signed joins to fail.  Also attached is a sniff of the
domain join, exposing Win2K's bad behavior (packet 21).
-

(I've just changed the scope of the DATA_BLOB mechList)

metze
Modified:
   branches/SAMBA_3_2/source/libsmb/clispnego.c


Changeset:
Modified: branches/SAMBA_3_2/source/libsmb/clispnego.c
===================================================================
--- branches/SAMBA_3_2/source/libsmb/clispnego.c	2007-09-19 12:45:35 UTC (rev 25226)
+++ branches/SAMBA_3_2/source/libsmb/clispnego.c	2007-09-19 14:33:32 UTC (rev 25227)
@@ -557,6 +557,20 @@
 		data.has_error = 1;
 	}
 
+	/* Binding against Win2K DC returns a duplicate of the responseToken in
+	 * the optional mechListMIC field. This is a bug in Win2K. We ignore
+	 * this field if it exists. Win2K8 may return a proper mechListMIC at
+	 * which point we need to implement the integrity checking. */
+	if (asn1_tag_remaining(&data)) {
+		DATA_BLOB mechList = data_blob_null;
+		asn1_start_tag(&data, ASN1_CONTEXT(3));
+		asn1_read_OctetString(&data, &mechList);
+		asn1_end_tag(&data);
+		data_blob_free(&mechList);
+		DEBUG(5,("spnego_parse_auth_response received mechListMIC, "
+		    "ignoring.\n"));
+	}
+
 	asn1_end_tag(&data);
 	asn1_end_tag(&data);
 
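Review bot: the return values of asn1_start_tag(), asn1_read_OctetString() and asn1_end_tag() in the new block are not checked, so when the remaining bytes are anything other than a context-tag [3] OCTET STRING the only signal is data.has_error (set by the ASN.1 helpers and already used at the top of this hunk), while the DEBUG(5,...) line still reports that a mechListMIC was received and ignored. Checking each call, or at least testing data.has_error before logging, keeps the log honest and makes the Win2K8 case the comment anticipates easier to spot. Since a genuine mechListMIC is an integrity check over the negotiated mechanism list, discarding it unconditionally means a server that does send a valid one gets no protection from it; a TODO marker, or logging that path at a lower debug level than 5, would make the missing verification visible to anyone auditing signed LDAP joins.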


