[PATCH] Re: netlogon_creds_cli_validate() in master4-schannel

Stefan (metze) Metzmacher metze at samba.org
Sun Jan 5 15:46:05 MST 2014


Am 05.01.2014 23:13, schrieb Andrew Bartlett:
> On Sun, 2014-01-05 at 13:55 +0100, Stefan (metze) Metzmacher wrote:
>> Hi Andrew,
>>
>>>> No, I just need to retest with this code.
>>>>
>>>> You could try to fix the flakey tests we currently have...:-)
>>>
>>> This fixes samba.tests.docs
>>
>> Thanks!
>>
>> I've added rpc header signing support and
>> dcerpc_sec_verification_trailer support (s3 client only for now) to my
>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-schannel-ok
>> branch.
>>
>> I'll retest this against Samba 3.0, 3.2, 3.4, ...
>> and windows NT4 sp6a, 2000, ...
>>
>> If the tests are ok, we can finally push to master.
> 
> One final thing (sorry), but if you can push the docs with the new
> parameters in a single commit, then the result will be bisect-able
> across a full make test. 

Ok, I'll try to let every commit pass autobuild.

Can I have your review on the new patches?

With this wireshark branch:
https://git.samba.org/?p=metze/wireshark/wip.git;a=shortlog;h=refs/heads/ws-metze-gssapi-20140105
You can have a look at captures, with experiments of the verification
trailer against
windows 2012.
https://www.samba.org/~metze/ads/caps/netlogon/v4-0-schannel/20140103/

This captures show that the code still works against old Samba 3.0
and Windows 2000 both without support for the verification trailer nor
header signing.
Windows 2008r2 and Windows 2012 also work just fine:

https://www.samba.org/~metze/ads/caps/netlogon/v4-0-schannel/20140105/

I'll test NT4.0 SP6a and more Samba versions tomorrow.

metze


More information about the samba-technical mailing list