The Samba-Bugzilla – Attachment 11162 Details for
Bug 11061
Logon via MS Remote Desktop hangs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Work in progress patches (on master)
bug-11061-hack.patches.01.txt (text/plain), 6.49 KB, created by
Stefan Metzmacher
on 2015-06-16 16:27:11 UTC
(
hide
)
Description:
Work in progress patches (on master)
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2015-06-16 16:27:11 UTC
Size:
6.49 KB
patch
obsolete
>From 19d6010d4019710efd6714bf5d42d896877998f9 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 16 Jun 2015 11:06:49 +0000 >Subject: [PATCH 1/2] debug > >--- > source3/librpc/crypto/gse.c | 1 + > source3/librpc/rpc/dcerpc_helpers.c | 7 +++++++ > source3/rpc_server/srv_pipe.c | 18 ++++++++++++++++++ > source4/auth/gensec/gensec_gssapi.c | 2 +- > 4 files changed, 27 insertions(+), 1 deletion(-) > >diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c >index 8db3cdd..edd857b 100644 >--- a/source3/librpc/crypto/gse.c >+++ b/source3/librpc/crypto/gse.c >@@ -567,6 +567,7 @@ static size_t gse_get_signature_length(struct gse_context *gse_ctx, > return 0; > } > >+ DEBUG(10,("seal[%u] payload[%u] sig[%u]\n", (unsigned)seal, (unsigned)payload_size, (unsigned)iov[0].buffer.length)); > return iov[0].buffer.length; > } > >diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c >index a9b24c8..b4cb194 100644 >--- a/source3/librpc/rpc/dcerpc_helpers.c >+++ b/source3/librpc/rpc/dcerpc_helpers.c >@@ -278,6 +278,7 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > case DCERPC_AUTH_TYPE_SCHANNEL: > gensec_security = auth->auth_ctx; > *auth_len = gensec_sig_size(gensec_security, max_len); >+ DEBUG(10,("auth_len[%u] max_len[%u]\n", (unsigned)*auth_len,(unsigned)max_len)); > break; > default: > return NT_STATUS_INVALID_PARAMETER; >@@ -300,6 +301,9 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > > *frag_len = header_len + *data_to_send + *pad_len > + DCERPC_AUTH_TRAILER_LENGTH + *auth_len; >+ DEBUG(10,("frag_len[%u] header_len[%u] data_to_send[%u] pad_len[%u] auth_len[%u]\n", >+ (unsigned)*frag_len, (unsigned)header_len, (unsigned)*data_to_send, >+ (unsigned)*pad_len, (unsigned)*auth_len)); > > return NT_STATUS_OK; > } >@@ -336,6 +340,9 @@ static NTSTATUS add_generic_auth_footer(struct gensec_security *gensec_security, > if (!NT_STATUS_IS_OK(status)) { > return status; > } >+ DEBUG(10,("auth_blob_len[%u] rpc_out->length[%u] data_and_pad_len[%u]\n", >+ (unsigned)auth_blob.length, (unsigned)rpc_out->length, >+ (unsigned)data_and_pad_len)); > break; > > case DCERPC_AUTH_LEVEL_INTEGRITY: >diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c >index 63323f8..0bd83db 100644 >--- a/source3/rpc_server/srv_pipe.c >+++ b/source3/rpc_server/srv_pipe.c >@@ -119,6 +119,7 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, > size_t frag_len; > size_t pad_len = 0; > size_t auth_len = 0; >+ size_t frag_len2; > NTSTATUS status; > > ZERO_STRUCT(u.response); >@@ -171,7 +172,15 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, > return status; > } > >+ DEBUG(10,("%s:%s: frag->length[%u]\n", __location__, __func__, >+ (unsigned)frag->length)); >+ dump_data(10, frag->data, frag->length); >+ frag_len2 = frag->length; > if (auth_len) { >+ frag_len2 += pad_len; >+ frag_len2 += DCERPC_AUTH_TRAILER_LENGTH; >+ frag_len2 += auth_len; >+ > /* Set the proper length on the pdu, including padding. > * Only needed if an auth trailer will be appended. */ > dcerpc_set_frag_length(frag, frag->length >@@ -180,6 +189,9 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, > + auth_len); > } > >+ DEBUG(10,("%s:%s: frag->length[%u]\n", __location__, __func__, >+ (unsigned)frag->length)); >+ dump_data(10, frag->data, frag->length); > if (auth_len) { > status = dcerpc_add_auth_footer(auth, pad_len, frag); > if (!NT_STATUS_IS_OK(status)) { >@@ -188,6 +200,12 @@ static NTSTATUS create_next_packet(TALLOC_CTX *mem_ctx, > } > } > >+ DEBUG(10,("%s:%s: frag_len[%u] frag->length[%u]\n", __location__, __func__, >+ (unsigned)frag_len2, (unsigned)frag->length)); >+ dump_data(10, frag->data, frag->length); >+ >+ SMB_ASSERT(frag_len2 == frag->length); >+ > *pdu_size = data_to_send; > return NT_STATUS_OK; > } >diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c >index 5582102..a8ab9b3 100644 >--- a/source4/auth/gensec/gensec_gssapi.c >+++ b/source4/auth/gensec/gensec_gssapi.c >@@ -1066,11 +1066,11 @@ static NTSTATUS gensec_gssapi_seal_packet(struct gensec_security *gensec_securit > } > sig_length = output_token.length - input_token.length; > >- memcpy(data, ((uint8_t *)output_token.value) + sig_length, length); > *sig = data_blob_talloc(mem_ctx, (uint8_t *)output_token.value, sig_length); > > dump_data_pw("gensec_gssapi_seal_packet: sig\n", sig->data, sig->length); > dump_data_pw("gensec_gssapi_seal_packet: clear\n", data, length); >+ memcpy(data, ((uint8_t *)output_token.value) + sig_length, length); > dump_data_pw("gensec_gssapi_seal_packet: sealed\n", ((uint8_t *)output_token.value) + sig_length, output_token.length - sig_length); > > gss_release_buffer(&min_stat, &output_token); >-- >2.1.0 > > >From 47b638c12e95816e1f2f1608614c6156363f2c80 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 16 Jun 2015 11:17:04 -0500 >Subject: [PATCH 2/2] hack bug 11061... > >metze >--- > source3/librpc/rpc/dcerpc_helpers.c | 18 +++++++++--------- > source3/rpc_server/srv_pipe.c | 3 +++ > 2 files changed, 12 insertions(+), 9 deletions(-) > >diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c >index b4cb194..a8a164a 100644 >--- a/source3/librpc/rpc/dcerpc_helpers.c >+++ b/source3/librpc/rpc/dcerpc_helpers.c >@@ -24,6 +24,9 @@ > #include "librpc/crypto/gse.h" > #include "auth/gensec/gensec.h" > >+#undef CLIENT_NDR_PADDING_SIZE >+#define CLIENT_NDR_PADDING_SIZE 16 >+ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_RPC_PARSE > >@@ -285,19 +288,16 @@ NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth, > } > > max_len -= *auth_len; >+ max_len -= pad_alignment; > > *data_to_send = MIN(max_len, data_left); > >- mod_len = (header_len + *data_to_send) % pad_alignment; >- if (mod_len) { >- *pad_len = pad_alignment - mod_len; >- } else { >- *pad_len = 0; >- } >+ mod_len = (*data_to_send) % pad_alignment; >+ *pad_len = pad_alignment - mod_len; > >- if (*data_to_send + *pad_len > max_len) { >- *data_to_send -= pad_alignment; >- } >+ //if (*data_to_send + *pad_len > max_len) { >+ // *data_to_send -= pad_alignment; >+ //} > > *frag_len = header_len + *data_to_send + *pad_len > + DCERPC_AUTH_TRAILER_LENGTH + *auth_len; >diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c >index 0bd83db..3ee2198 100644 >--- a/source3/rpc_server/srv_pipe.c >+++ b/source3/rpc_server/srv_pipe.c >@@ -45,6 +45,9 @@ > #include "auth/gensec/gensec.h" > #include "librpc/ndr/ndr_dcerpc.h" > >+#undef SERVER_NDR_PADDING_SIZE >+#define SERVER_NDR_PADDING_SIZE 16 >+ > #undef DBGC_CLASS > #define DBGC_CLASS DBGC_RPC_SRV > >-- >2.1.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 11061
:
10637
|
10981
|
10982
|
10999
|
11000
|
11001
|
11008
|
11009
|
11120
|
11162
|
11184
|
11212
|
11213