Vista CFX join and 'out of order' GSSAPI messages
Jeffrey Altman
jaltman at secure-endpoints.com
Thu Jul 24 17:52:35 GMT 2008
To the best of my knowledge Microsoft does not support out of order
delivery of messaging.
Jeffrey Altman
Andrew Bartlett wrote:
> With the changes in this attached patch (not to be applied, pending the
> previous question), I've been able to make Vista join Samba4, using AES
> kerberos subkeys (and I think therefore GSSAPI CFX).
>
> However, the sequence number is wrong in the server - but only by one.
> I wonder if the 'dce-style' changes are to blame?
>
> perhaps a snippet from my gdb session (on the Samba4 server, with the
> Vista client) might show the problem well:
>
> _gssapi_msg_order_check (o=0x8ed1470, seq_num=109012496)
> at heimdal/lib/gssapi/krb5/sequence.c:148
> 148 if (o == NULL)
> (gdb) n
> 151 if ((o->flags & (GSS_C_REPLAY_FLAG|GSS_C_SEQUENCE_FLAG)) == 0)
> (gdb)
> 155 if (o->elem[0] == seq_num - 1) {
> (gdb) p o->elem[0]
> $8 = 109012494
> (gdb) p seq_num
> $9 = 109012496
>
> Any ideas?
>
> Thanks,
>
> Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20080724/d563a43a/smime-0001.bin
More information about the samba-technical
mailing list