[Badlock] Patch for samba3.6.25 makes clients fail to logon
KAMEI Yutaka
kamei at osstech.co.jp
Thu Apr 14 10:44:23 UTC 2016
Hi,
After applying the security patch for Samba 3.6.25 to my PDC system,
clients fail to logon.
In this patch, the bitmask1 variable is set to 0 in
srv_pipe_check_verification_trailer().
This always makes clients fail to logon.
> @@ -1545,6 +1546,40 @@ static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt,
> const struct api_struct *api_rpc_cmds, int n_cmds,
> const struct ndr_syntax_id *syntax);
>
> +static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
> + struct ncacn_packet *pkt,
> + struct pipe_rpc_fns *pipe_fns)
> +{
> + TALLOC_CTX *frame = talloc_stackframe();
> + struct dcerpc_sec_verification_trailer *vt = NULL;
> + const uint32_t bitmask1 = 0;
-- snip --
> +
> + ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
> + &pcontext, &header2);
When I tried to set the bitmask1 value to 1, client logon succeeded.
I think that the bitmask1 should be set by client request
packet, but DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN pfc_flags is not set
when clients try to logon to Samba PDC.
What the bitmask1 value should be set to?
--
KAMEI Yutaka
Open Source Solution Technology Corporation
Email: kamei at osstech.co.jp
Phone: +81-3-6417-0753
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160414/b2b02e32/signature.sig>
More information about the samba-technical
mailing list