Patches for

Stefan (metze) Metzmacher metze at
Mon Jun 22 23:21:13 MDT 2015

Am 23.06.2015 um 00:49 schrieb Andrew Bartlett:
> On Mon, 2015-06-22 at 22:23 +0200, Stefan (metze) Metzmacher wrote:
>> Hi,
>> here're patches for
>> The problem is that the source3 rpc server uses 8 byte aligned 
>> padding
>> relative
>> to the pdu start, while windows uses 16 byte aligned padding relative 
>> to the
>> payload start. The heimdal gss_wrap() (called in
>> gensec_gssapi_seal_packet()) code assumes the windows behaviour when
>> working in dce_style mode. Otherwise is generated a too short 
>> signature
>> 68 bytes in this cases instead of the expected 76 bytes returned by
>> gensec_gssapi_sig_size().
>> Please review and push.
> The patches look good, as much as I've been able to understand them,
> but my concern is this:
> How did this break, and how can we test this to ensure we don't break
> it again in the future?

Yes, I'll make sure we run rpc.winreq with krb5,sign krb5,seal against ad_dc
and maybe more environments.

That was able to reproduce the problem.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list