Bug 12986 - Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue
Summary: Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.7.0rc4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-25 15:45 UTC by Stefan Metzmacher
Modified: 2018-01-02 08:51 UTC (History)
5 users (show)

See Also:

Attachments
Possible backport patches for master (3.16 KB, patch)
2017-08-25 15:45 UTC, Stefan Metzmacher 		no flags Details
Possible backport patches for master (3.27 KB, patch)
2017-08-25 15:59 UTC, Stefan Metzmacher 		no flags Details
Patches for v4-7-test (3.63 KB, patch)
2017-08-28 13:15 UTC, Stefan Metzmacher 		abartlet: review+
Details
Patches for v4-6-test (3.63 KB, patch)
2017-08-28 13:18 UTC, Stefan Metzmacher 		abartlet: review+
Details
Patches for v4-7-test (including the typo fix) (4.68 KB, patch)
2017-12-13 12:22 UTC, Stefan Metzmacher 		metze: review? (abartlet)
asn: review+
Details
Patches for v4-6-test (including the typo fix) (4.68 KB, patch)
2017-12-13 12:23 UTC, Stefan Metzmacher 		metze: review? (abartlet)
asn: review+
Details
Patches for v4-5-test (including the typo fix) just as reference (4.68 KB, patch)
2017-12-13 12:26 UTC, Stefan Metzmacher 		no flags Details
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-08-25 15:45:27 UTC 
Created attachment 13504 [details]
Possible backport patches for master

krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: PK-INIT(ietf), OCSP, 128
[2017/08/22 14:29:00.910355,  3] ../source4/auth/kerberos/
krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- testsso\@realm@REALM
[2017/08/22 14:29:00.911763,  3] ../source4/auth/kerberos/
krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue
[2017/08/22 14:29:00.911844,  3] ../source4/auth/kerberos/
krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed to decode PKINIT PA-DATA -- testsso\@realm@REALM
Comment 1 Stefan Metzmacher 2017-08-25 15:59:59 UTC 
Created attachment 13505 [details]
Possible backport patches for master

This time with BUG: line...
Comment 2 Stefan Metzmacher 2017-08-28 08:30:57 UTC 
Vmware Horizon skips the 'q' part of DomainParameters...
Comment 3 Stefan Metzmacher 2017-08-28 13:15:38 UTC 
Created attachment 13510 [details]
Patches for v4-7-test
Comment 4 Stefan Metzmacher 2017-08-28 13:18:15 UTC 
Created attachment 13511 [details]
Patches for v4-6-test
Comment 5 Stefan Metzmacher 2017-08-29 05:28:01 UTC 
There's an additional fix coming... See
https://lists.samba.org/archive/samba-technical/2017-August/122606.html
Comment 6 Stefan Metzmacher 2017-12-13 12:22:29 UTC 
Created attachment 13858 [details]
Patches for v4-7-test (including the typo fix)
Comment 7 Stefan Metzmacher 2017-12-13 12:23:51 UTC 
Created attachment 13859 [details]
Patches for v4-6-test (including the typo fix)
Comment 8 Stefan Metzmacher 2017-12-13 12:26:13 UTC 
Created attachment 13860 [details]
Patches for v4-5-test (including the typo fix) just as reference

This is not for upstream as 4.5 doesn't get bug fixes anymore.
I'm only attaching it in case someone needs it.
Comment 9 Karolin Seeger 2017-12-23 20:16:19 UTC 
Pushed to autobuild-v4-{7,6}-test.
Comment 10 Karolin Seeger 2018-01-02 08:51:02 UTC 
(In reply to Karolin Seeger from comment #9)
Pushed to both branches.
Closing out bug report.

Thanks!