[PATCH] Fix invocation of gnutls_aead_cipher_encrypt() (was: Provisioning fails on 4.8.0 on FreeBSD)
Garming Sam
garming at catalyst.net.nz
Thu Mar 22 21:31:28 UTC 2018
Filed a bug: https://bugzilla.samba.org/show_bug.cgi?id=13352
I'll push the fix to autobuild, and then probably backport it.
Cheers,
Garming
On 22/03/18 17:59, Timur I. Bakeyev via samba-technical wrote:
> Thanks to Garming I was able to figure out what was the problem.
>
> Besides mixed up block and tag sizes, the invocation of the
> gnutls_aead_cipher_encrypt() requires the last parameter to be initialized
> with the maximum buffer size:
>
> int gnutls_aead_cipher_encrypt (gnutls_aead_cipher_hd_t handle, const void
> * nonce, size_t nonce_len, const void * auth, size_t auth_len, size_t
> tag_size, const void * ptext, size_t ptext_len, void * ctext, size_t *
> ctext_len)
>
> ...
>
> ctext_len: the length of encrypted data (initially must hold the maximum
> available size, including space for tag)
>
> Please, review and commit.
>
> With best regards,
> Timur Bakeyev.
>
> On 15 March 2018 at 00:07, Timur I. Bakeyev <timur at freebsd.org> wrote:
>
>> Hi!
>>
>> I know that AD DC provisioning was crippled on FreeBSD for quite a
>> while, so I tried once again with the hope that in 4.8.0 the situation has
>> changed. Well, now I got quite a new error message while trying:
>>
>> # /usr/local/bin/samba-tool domain provision --realm 'DOMAIN.FREEBSD'
>> --domain 'DOMAIN' --dns-backend 'SAMBA_INTERNAL' --server-role 'dc'
>> Administrator password will be set randomly!
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> Unable to determine the DomainSID, can not enforce uniqueness constraint
>> on local domainSIDs
>>
>> Adding DomainDN: DC=domain,DC=freebsd
>> Adding configuration container
>> Setting up sam.ldb schema
>> Setting up sam.ldb configuration data
>> Setting up display specifiers
>> Modifying display specifiers and extended rights
>> Adding users container
>> Modifying users container
>> Adding computers container
>> Modifying computers container
>> Setting up sam.ldb data
>> Setting up well known security principals
>> Setting up sam.ldb users and groups
>> ERROR(ldb): uncaught exception - gnutls_aead_cipher_encrypt 'failed
>> GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory buffer is too short to hold
>> parameters.
>>
>> File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py",
>> line 500, in run
>> plaintext_secrets=plaintext_secrets)
>> File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 2276, in provision
>> skip_sysvolacl=skip_sysvolacl)
>> File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1870, in provision_fill
>> next_rid=next_rid, dc_rid=dc_rid)
>> File "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py",
>> line 1524, in fill_samdb
>> "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
>> File "/usr/local/lib/python2.7/site-packages/samba/provision/common.py",
>> line 55, in setup_add_ldif
>> ldb.add_ldif(data, controls)
>> File "/usr/local/lib/python2.7/site-packages/samba/__init__.py", line
>> 229, in add_ldif
>> self.add(msg, controls)
>>
>> So, what do I miss and where can I increase the buffer size?
>>
>> With regards,
>> Timur Bakeyev.
>>
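
The in/out contract of ctext_len described in the quoted message, as an added example that is not part of the thread or of Samba's code. model_aead_encrypt is a hypothetical stand-in that only enforces the buffer-length rule (no GnuTLS calls, no real encryption); the error code, tag size and sample plaintext are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical error code for this model; not a GnuTLS constant. */
#define MODEL_E_SHORT_BUFFER (-1)
#define TAG_SIZE 16

/* Constructed sample input. */
static const unsigned char sample[] = "constructed sample plaintext";

/* Stand-in with the ctext/ctext_len contract quoted above: on entry
 * *ctext_len is the capacity of ctext, on success it is the number of
 * bytes written (ciphertext plus tag). */
static int model_aead_encrypt(size_t tag_size,
                              const void *ptext, size_t ptext_len,
                              void *ctext, size_t *ctext_len)
{
    size_t need = ptext_len + tag_size;
    if (need < ptext_len || *ctext_len < need)  /* overflow or too small */
        return MODEL_E_SHORT_BUFFER;
    memcpy(ctext, ptext, ptext_len);            /* placeholder ciphertext */
    memset((unsigned char *)ctext + ptext_len, 0xAA, tag_size); /* placeholder tag */
    *ctext_len = need;
    return 0;
}

/* The buffer is large enough, but the length passed in does not hold
 * its capacity (0 here), so the call is rejected. Returns the status. */
int seal_without_capacity(void)
{
    unsigned char ctext[sizeof(sample) + TAG_SIZE];
    size_t ctext_len = 0;
    return model_aead_encrypt(TAG_SIZE, sample, sizeof(sample),
                              ctext, &ctext_len);
}

/* The length is set to the full capacity, tag included, before the call.
 * Returns the number of bytes written, or the negative status. */
long seal_with_capacity(void)
{
    unsigned char ctext[sizeof(sample) + TAG_SIZE];
    size_t ctext_len = sizeof(ctext);
    int rc = model_aead_encrypt(TAG_SIZE, sample, sizeof(sample),
                                ctext, &ctext_len);
    return rc == 0 ? (long)ctext_len : (long)rc;
}
```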