s4:rpc_server/dcesrv_auth.c - Fix a RPC issue in conjunction with Windows 2000
Matthias Dieter Wallnöfer
mdw at samba.org
Sun May 30 06:53:19 MDT 2010
Andrew,
if you are so concerned I don't have another possibility other than to
revert it. I just would like to bring to attention that the mentioned
"special" RPC calls work against Windows Server 2008 - so the problem is
definitely valid.
Before I pushed this fix I tried also to activate our header-sign
support ("dcesrv:header sign = yes" in smb.conf) - which would be the
expected solution. But then the whole schannel interactions with the
Windows client broke.
I revert but I wish that you or metze take care about the issue and see
what's still missing in our own RPC header-sign implementation. If this
is fixed then we are done.
Matthias
Andrew Bartlett wrote:
> On Sun, 2010-05-30 at 14:22 +0200, Matthias Dieter Wallnöfer wrote:
>
>> Hi abartlet,
>>
>> sorry for the noise but I basically pushed a slightly modified variation
>> of your patch, Andrew. And thought that this would be fine for you. And
>> yes, it's not a definite solution - since as I stated in the commit
>> comment - we need to implement full server signing to cover all aspects.
>>
> Yes, and that patch was clearly described as and remains a work in
> progress that has well known issues. Just modifying it until it passes
> 'make test' without understanding the problem, or what the modifications
> did is not a solution.
>
> Please revert, and do not attempt to fix this bug without signoff by
> both metze and myself.
>
> I am yet to be convinced that this issue (affecting a now 10 year old OS
> that is no longer in receipt of even security fixes) can be safely
> fixed.
>
> Andrew Bartlett
>
>
More information about the samba-technical
mailing list