[Samba] Broken support for Smart Card Logon in Windows 2003 and XP

[Николай Домуховский]

> It's interesting, but mentioned code is unreachable in case of
> pa->padata_type == KRB5_PADATA_PA_AS_REQ_WIN - all lines with default
> cms algorithms settings are belong to else branch - maybe this is
> error, but, when I try copy lines with
> hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
>                            hx509_crypto_des_rsdi_ede3_cbc());
>        hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
>                            hx509_signature_rsa_with_md5());
>        hx509_peer_info_add_cms_alg(context->hx509ctx, cp->peer,
>                            hx509_signature_sha1());
>
> to first branch (just after cp->type = PKINIT_WIN2K;
> cp->nonce=ap.pkAuthenticator.nonce;) samba crashes, when it comes to
> this lines.
>
Found reason for this crash (I should also copy hx509_peer_info_alloc
code), but know samba crashes when it tries to make AS-REP (see
samba.log file in attachment - it crashes when it tries to make
signature in create_signature function).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba.zip
Type: application/zip
Size: 39719 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101024/3080b546/attachment.zip>