[PATCH] Clean up cli_pipe to find the auth footer once only.
Andrew Bartlett
abartlet at samba.org
Wed Jul 16 03:28:22 GMT 2003
On Tue, Jul 15, 2003 at 10:03:37PM -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 16 Jul 2003, Andrew Bartlett wrote:
>
> > > Modified Files:
> > > Tag: SAMBA_3_0
> > > cli_pipe.c
> > > Log Message:
> > > fix schannel processing on fragmented PDUs. 'net rpc vampire' works again.
> >
> > Thankyou very much for finding this - my test domain didn't seem to give
> > me the fragmentated PDUs.
>
> no problem. You owe me 2 hours though :-) You must have a very small
> domain. I have about 4 users and as many groups.
>
> > I've tried to fix this for the generic case - it looks like the NTLMSSP case
> > never coped with fragmented PDUs, hence the introduction of this bug.
> >
> > What I'm trying to do in the attached patch is ensure we try to find the
> > authentication footer only once...
> >
> > Could you please check this against your test domains?
>
> Seems ok. The only thing I see is
>
> SCHANNEL ERROR: seq_num must be even in client (seq_num=3)
> SCHANNEL seq_num=3
> SCHANNEL: netsec_encode seq_num=3 data_len=104
>
> But this was here before. users and groups decode properly.
> I'm only testing the schannel stuff though. I'm not paying attention
> to much else.
I just looked over the code - I think it's bogus. (It assumes a pure
request/reply model, which just doesn't happen for fragmented PDUs).
> So as long as the domain migration still works (which it does)
> and domain joins are ok, then let's put this in for beta3.
> I'm starting on beta3 now so please go ahead and check this in.
Done.
Andrew Bartlett
More information about the samba-technical
mailing list