Patch: spnego auth packet parsing
Luke Howard
lukeh at padl.com
Tue Sep 18 22:45:49 GMT 2007
This is a long-standing bug in Windows, see RFC 4178 Appendix C.
-- Luke
Steven Danneman wrote:
> Hello,
>
>
>
> We ran across a bug joining our Samba server to a Win2K domain with LDAP
> signing turned on. Upon investigation I discovered that there is a bug
> in Win2K server which returns a duplicated responseToken in the LDAP
> bindResponse packet. This blob is placed in the optional mechListMIC
> field which is unsupported in both Win2K and Win2K3. You can see RFC
> 2478 for the proper packet construction. I've worked with metze on this
> to confirm all these finding.
>
>
>
> This patch properly parses then discards the mechListMIC field if it
> exists in the packet, so we don't produce a malformed packet error,
> causing LDAP signed joins to fail. Also attached is a sniff of the
> domain join, exposing Win2Ks bad behavior (packet 21).
>
>
>
> Steven Danneman | Software Developer
>
> Isilon Systems P +1-206-315-7500 F +1-206-315-7485
>
> www.isilon.com
>
>
>
> How breakthroughs begin.(tm)
>
>
>
>
>
>
--
www.padl.com | www.lukehoward.com
More information about the samba-technical
mailing list