[Samba] Leopard Macs using Kerberos: Failed to parse negTokenTarg
Jeremy Allison
jra at samba.org
Tue Aug 5 20:36:27 GMT 2008
On Tue, Aug 05, 2008 at 01:02:49PM -0700, Kai Lanz wrote:
>
> I think I've found out why MacOS 10.5.x (Leopard) clients are unable to
> connect to Samba shares when authenticating with Kerberos. Basically, the
> Leopard Macs insert a few extra bytes (Padding and reqFlags, according to
> wireshark) into the security blob within the Session Setup AndX Request
> packet, bytes whose start tag is 0xa1, in a spot where Samba's parser
> expects 0xa2. The critical error is "Failed to parse negTokenTarg at offset
> 54", which looks like it's being caused by the call
>
> asn1_start_tag(&data, ASN1_CONTEXT(2));
>
> in parse_negTokenTarg().

In Samba 3.2.0 and 3.2.1 this is fixed by the following
code in parse_negTokenTarg().

    /* Skip any optional req_flags that are sent per RFC 4178 */
    if (asn1_check_tag(&data, ASN1_CONTEXT(1))) {
        uint8 flags;

        asn1_start_tag(&data, ASN1_CONTEXT(1));
        asn1_start_tag(&data, ASN1_BITFIELD);
        while (asn1_tag_remaining(&data) > 0)
            asn1_read_uint8(&data, &flags);
        asn1_end_tag(&data);
        asn1_end_tag(&data);
    }

I'd try an upgrade :-).

Jeremy.
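
Added example (not part of the original message and not Samba's code): a small bounds-checked DER walker in C showing why a parser that expects the [2] mechToken (0xa2) straight after [0] mechTypes rejects a blob carrying the optional [1] reqFlags (0xa1), and how skipping that field lets it through. The sample blobs are constructed and hold only the inner NegTokenInit SEQUENCE without the GSS-API wrapper; der_header, find_mech_token and the skip_req_flags switch are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed samples: inner NegTokenInit SEQUENCE only; Kerberos 5 OID in
 * mechTypes, four placeholder bytes as the mechToken. */
#define MECH_TYPES 0xa0,0x0d,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02
#define MECH_TOKEN 0xa2,0x06,0x04,0x04,0xde,0xad,0xbe,0xef
static const uint8_t WITH_FLAGS[] = { 0x30,0x1d, MECH_TYPES, 0xa1,0x04,0x03,0x02,0x00,0x00, MECH_TOKEN };
static const uint8_t NO_FLAGS[]   = { 0x30,0x17, MECH_TYPES, MECH_TOKEN };

/* Read one DER header at *pos; returns the tag byte and advances *pos to the
 * value, or -1 if the header or the value would run past 'end'. */
static int der_header(const uint8_t *b, size_t end, size_t *pos, size_t *vlen)
{
    size_t p = *pos, n = 0;
    if (p > end || end - p < 2) return -1;
    int tag = b[p++];
    unsigned k = b[p++];
    if (k & 0x80) {                        /* long form, at most 2 length bytes */
        k &= 0x7f;
        if (k == 0 || k > 2 || end - p < k) return -1;
        while (k--) n = (n << 8) | b[p++];
    } else n = k;
    if (n > end - p) return -1;            /* value must fit inside the parent */
    *pos = p; *vlen = n;
    return tag;
}

/* Hypothetical helper: locate the mechToken bytes. skip_req_flags=0 models a
 * parser that expects [2] right after [0]. Returns 0 on success, -1 on error. */
int find_mech_token(const uint8_t *b, size_t blen, int skip_req_flags,
                    size_t *off, size_t *len)
{
    size_t pos = 0, vlen = 0, end;
    if (der_header(b, blen, &pos, &vlen) != 0x30) return -1;  /* SEQUENCE */
    end = pos + vlen;
    if (der_header(b, end, &pos, &vlen) != 0xa0) return -1;   /* [0] mechTypes */
    pos += vlen;
    int tag = der_header(b, end, &pos, &vlen);
    if (tag == 0xa1 && skip_req_flags) {   /* optional [1] reqFlags, RFC 4178 */
        pos += vlen;
        tag = der_header(b, end, &pos, &vlen);
    }
    if (tag != 0xa2) return -1;                               /* [2] mechToken */
    end = pos + vlen;
    if (der_header(b, end, &pos, &vlen) != 0x04) return -1;   /* OCTET STRING */
    *off = pos; *len = vlen;
    return 0;
}

int main(void) { size_t o, l; return find_mech_token(WITH_FLAGS, sizeof WITH_FLAGS, 1, &o, &l); }
```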