Bug 14134 - non-AES schannel broken
Summary: non-AES schannel broken
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.11.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-19 00:35 UTC by Guenther Deschner
Modified: 2019-10-17 07:27 UTC (History)
3 users (show)

See Also:

Attachments
proposed patch for master (1.09 KB, patch)
2019-09-23 15:40 UTC, Guenther Deschner 		no flags Details
patch for v4-11 (15.17 KB, patch)
2019-10-08 17:23 UTC, Guenther Deschner 		asn: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2019-09-19 00:35:25 UTC 
Most likely related to the ongoing crypto conversion, quickest way to reproduce in the client:

 libcli/auth/netlogon_creds_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 50a5f50a57d..1483042a529 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -344,7 +344,7 @@ NTSTATUS netlogon_creds_cli_context_global(struct loadparm_context *lp_ctx,
                                                   neutralize_nt4_emulation);
 
        proposed_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
-       proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
+       //proposed_flags |= NETLOGON_NEG_SUPPORTS_AES;
 
        switch (type) {
        case SEC_CHAN_WKSTA:

rpcclient gdw2k16dc -U user%password -c "schannel; transport ncacn_ip_tcp; lookupsids3 S-1-1-0"
Comment 1 Guenther Deschner 2019-09-23 15:40:06 UTC 
Created attachment 15485 [details]
proposed patch for master
Comment 2 Guenther Deschner 2019-09-23 15:41:38 UTC 
Please note this is in 4.11.0 already, AES schannel is also not working but that is only in master.
Comment 3 Guenther Deschner 2019-10-08 17:23:06 UTC 
Created attachment 15520 [details]
patch for v4-11
Comment 4 Andreas Schneider 2019-10-11 06:56:58 UTC 
Karolin, please add the patches to v4.11. Thanks!
Comment 5 Karolin Seeger 2019-10-16 11:06:55 UTC 
(In reply to Andreas Schneider from comment #4)
Pushed to autobuild-v4-11-test.
Comment 6 Karolin Seeger 2019-10-17 07:27:15 UTC 
(In reply to Karolin Seeger from comment #5)
Pushed to v4-11-test.
Closing out bug report.

Thanks!