Bug 14134 - non-AES schannel broken
Summary: non-AES schannel broken
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes
Version: 4.11.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2019-09-19 00:35 UTC by Guenther Deschner
Modified: 2019-10-17 07:27 UTC

Attachments
proposed patch for master (1.09 KB, patch)
2019-09-23 15:40 UTC, Guenther Deschner
no flags
patch for v4-11 (15.17 KB, patch)
2019-10-08 17:23 UTC, Guenther Deschner
asn: review+

Description Guenther Deschner 2019-09-19 00:35:25 UTC
Most likely related to the ongoing crypto conversion. Quickest way to reproduce in the client:

 libcli/auth/netlogon_creds_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 50a5f50a57d..1483042a529 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -344,7 +344,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
                                                   neutralize_nt4_emulation);
 
        proposed_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-       proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
+       //proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
 
        switch (type) {
        case SEC_CHAN_WKSTA:
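
Review bot: The commented-out `proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;` in netlogon_creds_cli_context_global() sits before `switch (type)`, so AES is no longer proposed for any secure channel type, not only SEC_CHAN_WKSTA. That is fine as a local reproducer for the non-AES path, but it should not be merged in this form. If a way to force the non-AES schannel path is wanted for testing, gate the flag on a test-only setting with a comment saying so, instead of leaving the statement behind a `//` comment.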

rpcclient gdw2k16dc -U user%password -c "schannel; transport ncacn_ip_tcp; lookupsids3 S-1-1-0"
Comment 1 Guenther Deschner 2019-09-23 15:40:06 UTC
Created attachment 15485
proposed patch for master
Comment 2 Guenther Deschner 2019-09-23 15:41:38 UTC
Please note this is in 4.11.0 already; AES schannel is also not working, but that is only in master.
Comment 3 Guenther Deschner 2019-10-08 17:23:06 UTC
Created attachment 15520
patch for v4-11
Comment 4 Andreas Schneider 2019-10-11 06:56:58 UTC
Karolin, please add the patches to v4.11. Thanks!
Comment 5 Karolin Seeger 2019-10-16 11:06:55 UTC
(In reply to Andreas Schneider from comment #4)
Pushed to autobuild-v4-11-test.
Comment 6 Karolin Seeger 2019-10-17 07:27:15 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to v4-11-test.
Closing out bug report.

Thanks!