schannel bug
Steve Langasek
vorlon at netexpress.net
Wed Oct 1 03:45:00 GMT 2003
On Wed, Oct 01, 2003 at 01:29:32PM +1000, Andrew Bartlett wrote:
> On Sat, 2003-09-27 at 09:27, Andrew Bartlett wrote:
> > On Sat, 2003-09-27 at 00:31, Gerald (Jerry) Carter wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > Can someone who worked on the schannel code provide some feedback
> > > on bug 309?
> > > I'm seeing an rpc fault in the logs (and a "procedure is out of
> > > range" error message on the client).
> > > process_incoming_data: Start: pdu_received_len = 0, pdu_needed_len = 304,
> > > incoming data = 304
> > > process_complete_pdu: processing packet type 0
> > > 000000 smb_io_rpc_hdr_req req
> > > 0000 alloc_hint: 000000f4
> > > 0004 context_id: 0000
> > > 0006 opnum : 0002
> > > data 256 auth 32
> > > 000108 smb_io_rpc_hdr_auth hdr_auth
> > > 0108 auth_type : 44
> > > 0109 auth_level : 05
> > > 010a padding : 0c
> > > 010b reserved : 00
> > > 010c auth_context : 000b1ca8
> > > Invalid auth info 68 or level 5 on schannel
> > > process_request_pdu: failed to do schannel processing.
> > > set_incoming_fault: Setting fault state on pipe NETLOGON : vuid = 0x64
> > > process_complete_pdu: DCE/RPC fault sent on pipe lsass
> > > set_incoming_fault: Setting fault state on pipe NETLOGON : vuid = 0x64
> > Yes, it's possible to get some domain clients into a state where they
> > will refuse to 'seal' the schannel connection, only sign it. We don't
> > currently know how to only sign it (we are close - I have most of the
> > code there, but it doesn't quite work yet :-).
> I've uploaded a proposed fix to bug #167 in our bugzilla.
Verified to work (so far) with Win2Ksp4 as a signing-only client.
--
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20030930/b716d8b6/attachment.bin
More information about the samba-technical
mailing list