Bug 13427 - broken server side GENSEC_FEATURE_LDAP_STYLE handling (NTLMSSP NTLM2 packet check failed due to invalid signature!)
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.8.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2018-05-09 10:40 UTC by Stefan Metzmacher
Modified: 2018-06-05 12:00 UTC

Attachments
Possible patches for master (6.67 KB, patch)
2018-05-09 12:11 UTC, Stefan Metzmacher
patch for 4.8 cherry-picked from master (7.71 KB, patch)
2018-05-16 10:15 UTC, Andrew Bartlett
metze: review+
Patches for v4-7-test (7.66 KB, patch)
2018-05-16 14:06 UTC, Stefan Metzmacher
metze: review? (abartlet)
bbaumbach: review+

Description Stefan Metzmacher 2018-05-09 10:40:12 UTC
The combination of commits
77adac8c3cd2f7419894d18db735782c9646a202
(auth/ntlmssp: always allow NTLMSSP_NEGOTIATE_{SIGN,SEAL} in gensec_ntlmssp_server_start())
and 3a0b835408a6efa339e8b34333906bfe3aacd6e3
(s4:ldap_server: don't use gensec_want_feature(gensec_security, GENSEC_FEATURE_{SIGN,SEAL}) as server) introduced a regression.

As a result the GENSEC_FEATURE_LDAP_STYLE feature
(where NTLMSSP_NEGOTIATE_SIGN implicitly means NTLMSSP_NEGOTIATE_SEAL)
doesn't work anymore as server.
Comment 1 Stefan Metzmacher 2018-05-09 12:11:47 UTC
Created attachment 14187
Possible patches for master
Comment 2 Andrew Bartlett 2018-05-16 10:15:48 UTC
Created attachment 14202
patch for 4.8 cherry-picked from master
Comment 3 Stefan Metzmacher 2018-05-16 14:06:41 UTC
Created attachment 14203
Patches for v4-7-test
Comment 4 Karolin Seeger 2018-06-04 06:55:28 UTC
Pushed to autobuild-v4-[7,8]-test.
Comment 5 Karolin Seeger 2018-06-05 12:00:10 UTC
Pushed to both branches.
Closing out bug report.

Thanks!