schannel bug

Andrew Bartlett abartlet at samba.org
Wed Oct 1 03:29:58 GMT 2003


On Sat, 2003-09-27 at 09:27, Andrew Bartlett wrote:
> On Sat, 2003-09-27 at 00:31, Gerald (Jerry) Carter wrote:
> > Can someone who worked on the schannel code provide some feedback
> > on bug 309?
> > 
> > I'm seeing an rpc fault in the logs (and a "procedure is out of
> > range" error message on the client).
> > 
> > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 304,
> > incoming data = 304
> > process_complete_pdu: processing packet type 0
> > 000000 smb_io_rpc_hdr_req req
> >      0000 alloc_hint: 000000f4
> >      0004 context_id: 0000
> >      0006 opnum     : 0002
> > data 256 auth 32
> > 000108 smb_io_rpc_hdr_auth hdr_auth
> >      0108 auth_type    : 44
> >      0109 auth_level   : 05
> >      010a padding      : 0c
> >      010b reserved     : 00
> >      010c auth_context : 000b1ca8
> > Invalid auth info 68 or level 5 on schannel
> > process_request_pdu: failed to do schannel processing.
> > set_incoming_fault: Setting fault state on pipe NETLOGON : vuid = 0x64
> > process_complete_pdu: DCE/RPC fault sent on pipe lsass
> > set_incoming_fault: Setting fault state on pipe NETLOGON : vuid = 0x64
> 
> Yes, it's possible to get some domain clients into a state where they
> will refuse to 'seal' the schannel connection, only sign it.  We don't
> currently know how to only sign it (we are close - I have most of the
> code there, but it doesn't quite work yet :-).

I've uploaded a proposed fix to bug #167 in our bugzilla.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
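
The following is an added example, not part of the original message and not Samba's code. It decodes the 8-byte RPC auth header shown in the quoted log and applies a seal-only versus sign-or-seal policy to it, which is the decision the log line "Invalid auth info 68 or level 5 on schannel" reflects. The function, enum and constant names are hypothetical, the byte array is reconstructed from the logged field values, and little-endian encoding of auth_context is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Wire values: auth_type 0x44 is 68 decimal, the number printed in the log. */
#define AUTH_TYPE_SCHANNEL   0x44
#define AUTH_LEVEL_INTEGRITY 0x05  /* sign only */
#define AUTH_LEVEL_PRIVACY   0x06  /* sign and seal */

/* Hypothetical names used only in this example. */
enum verdict { V_ACCEPT_SEAL, V_ACCEPT_SIGN, V_REJECT_SIGN_ONLY,
               V_REJECT_LEVEL, V_REJECT_TYPE, V_REJECT_MALFORMED };

struct auth_trailer { uint8_t type, level, pad_len, reserved; uint32_t context_id; };

/* Constructed sample: the hdr_auth fields from the log, laid out as bytes. */
static const uint8_t LOGGED_TRAILER[8] =
    { 0x44, 0x05, 0x0c, 0x00, 0xa8, 0x1c, 0x0b, 0x00 };

/* Decode the fixed 8-byte auth header; returns -1 if the buffer is too short. */
int parse_auth_trailer(const uint8_t *buf, size_t len, struct auth_trailer *out)
{
    if (buf == NULL || out == NULL || len < 8) return -1;
    out->type = buf[0];    out->level = buf[1];
    out->pad_len = buf[2]; out->reserved = buf[3];
    out->context_id = (uint32_t)buf[4] | ((uint32_t)buf[5] << 8) |
                      ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 24);
    return 0;
}

/* allow_sign_only == 0 models a server that only handles sealed schannel. */
enum verdict check_schannel_auth(const uint8_t *buf, size_t len, int allow_sign_only)
{
    struct auth_trailer t;
    if (parse_auth_trailer(buf, len, &t) != 0) return V_REJECT_MALFORMED;
    if (t.type != AUTH_TYPE_SCHANNEL) return V_REJECT_TYPE;
    if (t.level == AUTH_LEVEL_PRIVACY) return V_ACCEPT_SEAL;
    if (t.level == AUTH_LEVEL_INTEGRITY)
        return allow_sign_only ? V_ACCEPT_SIGN : V_REJECT_SIGN_ONLY;
    return V_REJECT_LEVEL;
}

int main(void)
{
    printf("seal-only policy:    %d\n", check_schannel_auth(LOGGED_TRAILER, 8, 0));
    printf("sign-or-seal policy: %d\n", check_schannel_auth(LOGGED_TRAILER, 8, 1));
    return 0;
}
```

With the seal-only policy the logged request is rejected as sign-only; a server that accepts level 5 gets integrity protection on the request but no encryption of the payload.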

