Patches for https://bugzilla.samba.org/show_bug.cgi?id=11061
Stefan (metze) Metzmacher
metze at samba.org
Mon Jun 22 23:21:13 MDT 2015
Am 23.06.2015 um 00:49 schrieb Andrew Bartlett:
> On Mon, 2015-06-22 at 22:23 +0200, Stefan (metze) Metzmacher wrote:
>> here're patches for https://bugzilla.samba.org/show_bug.cgi?id=11061
>> The problem is that the source3 rpc server uses 8 byte aligned
>> to the pdu start, while windows uses 16 byte aligned padding relative
>> to the
>> payload start. The heimdal gss_wrap() (called in
>> gensec_gssapi_seal_packet()) code assumes the windows behaviour when
>> working in dce_style mode. Otherwise is generated a too short
>> 68 bytes in this cases instead of the expected 76 bytes returned by
>> Please review and push.
> The patches look good, as much as I've been able to understand them,
> but my concern is this:
> How did this break, and how can we test this to ensure we don't break
> it again in the future?
Yes, I'll make sure we run rpc.winreq with krb5,sign krb5,seal against ad_dc
and maybe more environments.
That was able to reproduce the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: OpenPGP digital signature
More information about the samba-technical