s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000

Matthias Dieter Wallnöfer mdw at samba.org
Sun May 30 06:53:19 MDT 2010


if you are so concerned I don't have another possibility other than to 
revert it. I just would like to bring to attention that the mentioned 
"special" RPC calls work against Windows Server 2008 - so the problem is 
definitely valid.
Before I pushed this fix I tried also to activate our header-sign 
support ("dcesrv:header sign = yes" in smb.conf) - which would be the 
expected solution. But then the whole schannel interactions with the 
Windows client broke.

I revert but I wish that you or metze take care about the issue and see 
what's still missing in our own RPC header-sign implementation. If this 
is fixed then we are done.


Andrew Bartlett wrote:
> On Sun, 2010-05-30 at 14:22 +0200, Matthias Dieter Wallnöfer wrote:
>> Hi abartlet,
>> sorry for the noise but I basically pushed a slightly modified variation
>> of your patch, Andrew. And thought that this would be fine for you. And
>> yes, it's not a definite solution - since as I stated in the commit
>> comment - we need to implement full server signing to cover all aspects.
> Yes, and that patch was clearly described as and remains a work in
> progress that has well known issues.  Just modifying it until it passes
> 'make test' without understanding the problem, or what the modifications
> did is not a solution.
> Please revert, and do not attempt to fix this bug without signoff by
> both metze and myself.
> I am yet to be convinced that this issue (affecting a now 10 year old OS
> that is no longer in receipt of even security fixes) can be safely
> fixed.
> Andrew Bartlett

More information about the samba-technical mailing list