Vista CFX join and 'out of order' GSSAPI messages
Love Hörnquist Åstrand
lha at kth.se
Tue Jul 22 18:16:26 GMT 2008
Hello Andrew,
The DCE-STYLE patches where from metze (I think)
Also, just to confuse us, the seq number might be diffrent for RC4 and
AES
Does it work if you change the seq number to one larger in the DCE-RPC
case, near the end of acceptor_wait_for_dcestyle() is the remote seq
number reset.
Love
22 jul 2008 kl. 10.50 skrev Andrew Bartlett:
> With the changes in this attached patch (not to be applied, pending
> the
> previous question), I've been able to make Vista join Samba4, using
> AES
> kerberos subkeys (and I think therefore GSSAPI CFX).
>
> However, the sequence number is wrong in the server - but only by one.
> I wonder if the 'dce-style' changes are to blame?
>
> perhaps a snippet from my gdb session (on the Samba4 server, with the
> Vista client) might show the problem well:
>
> _gssapi_msg_order_check (o=0x8ed1470, seq_num=109012496)
> at heimdal/lib/gssapi/krb5/sequence.c:148
> 148 if (o == NULL)
> (gdb) n
> 151 if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0)
> (gdb)
> 155 if (o->elem[0] == seq_num - 1) {
> (gdb) p o->elem[0]
> $8 = 109012494
> (gdb) p seq_num
> $9 = 109012496
>
> Any ideas?
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Red Hat Inc. http://redhat.com
>
> <vista-join.patch>
More information about the samba-technical
mailing list