It seems that some NetApp diag tool uses an invalid av_pair blob in order to test netr_LogonSamLogonEx with NTLMv2. In NTLMv2_RESPONSE_verify_netlogon_creds() we try to parse the av_pair in order to apply restrictions on the used computer/domain names for workstation trusts. Windows doesn't check the av_pair or at least ignores parsing errors in netr_LogonSamLogonEx(). However, a parsing error in the NTLMSSP handling of an AUTHENTICATE_MESSAGE results in NT_STATUS_INVALID_PARAMETER. Samba returns NT_STATUS_BUFFER_TOO_SMALL in both cases.
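Added example (not Samba's code and not part of the original report): a bounds-checked walk over an MS-NLMP AV_PAIR list, with the two outcomes the report describes for Windows when the list is malformed. The function names, the ST_* status names and both sample blobs are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* MS-NLMP AV_PAIR: uint16 AvId, uint16 AvLen (little-endian), then AvLen
 * value bytes. The list ends with AvId 0 (MsvAvEOL) and AvLen 0. */
enum { AV_OK = 0, AV_MALFORMED = -1 };
/* Hypothetical status names modelling the two outcomes in the report. */
enum { ST_OK = 0, ST_INVALID_PARAMETER = 1 };
/* Constructed samples: one MsvAvNbDomainName pair ("D") plus MsvAvEOL, and
 * a pair whose AvLen (0x40) claims more bytes than the blob holds. */
static const uint8_t av_good[] = { 2, 0, 2, 0, 'D', 0, 0, 0, 0, 0 };
static const uint8_t av_bad[] = { 1, 0, 0x40, 0, 'A', 0 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Bounds-checked walk; *count receives the pairs seen before MsvAvEOL. */
int av_pairs_check(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (len - off >= 4) {
        uint16_t id = le16(buf + off), avlen = le16(buf + off + 2);
        off += 4;
        if (id == 0)               /* MsvAvEOL must carry no value */
            return avlen == 0 ? AV_OK : AV_MALFORMED;
        if (avlen > len - off)     /* value would run past the blob */
            return AV_MALFORMED;
        off += avlen;
        (*count)++;
    }
    return AV_MALFORMED;           /* ran out of bytes before MsvAvEOL */
}
/* NTLMSSP AUTHENTICATE_MESSAGE: a parse error fails the request. */
int ntlmssp_av_status(const uint8_t *buf, size_t len)
{
    size_t n;
    return av_pairs_check(buf, len, &n) == AV_OK ? ST_OK : ST_INVALID_PARAMETER;
}
/* netr_LogonSamLogonEx: a parse error is ignored; *names_checked reports
 * whether the computer/domain name restrictions could be evaluated. */
int netlogon_av_status(const uint8_t *buf, size_t len, int *names_checked)
{
    size_t n;
    *names_checked = (av_pairs_check(buf, len, &n) == AV_OK);
    return ST_OK;
}
int main(void)
{
    int chk, nl = netlogon_av_status(av_bad, sizeof(av_bad), &chk);
    printf("ntlmssp=%d netlogon=%d names_checked=%d\n",
           ntlmssp_av_status(av_bad, sizeof(av_bad)), nl, chk);
    return 0;
}
```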
This bug was referenced in samba master: 0ef1254f4428ab83ab6c8ca5e3415a1a9e069c92 e7e521fe9b947e553e2bf093e93f1d66ae9c95b9 f123c1a171e59113feb688523b499dab0b824528 23bedd69b2db0dd6de98ed147eddcba799694de7 e0b705d26f0b151ba52d1f9f5504f622fadf7d7c dd9886100514941aa16af8566faf41501b601a44
Created attachment 17095 [details] Patches for v4-15-test
Created attachment 17096 [details] Patches for v4-14-test (with less backported tests)
Comment on attachment 17095 [details] Patches for v4-15-test
Sorry Metze, this fails with:
    ../../source4/torture/rpc/schannel.c: In function ‘test_netlogon_ex_bug14932’:
    ../../source4/torture/rpc/schannel.c:283:43: error: implicit declaration of function ‘popt_get_cmdline_credentials’ [-Werror=implicit-function-declaration]
      283 | cli_credentials_get_ntlm_username_domain(popt_get_cmdline_credentials(),
          |                                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comment on attachment 17095 [details] Patches for v4-15-test I think the fixes themselves are good, just needs some back-porting to cope with the command-line changes.
Comment on attachment 17095 [details] Patches for v4-15-test Doh ! Please ignore the previous comments. I applied the 4.14 patch to the 4.15 codebase :-(. Patch for 4.15 is good. Sorry for the noise :-(.
Re-assigning to Jule for inclusion in 4.15.next, 4.14.next.
Pushed to autobuild-v4-{15,14}-test.
This bug was referenced in samba v4-15-test: 058c8a5278dcf8b282225620ac5cb021095dcff6 3ffd53f9e7603e67d2f1efd1eb359a16b6ae77d8 aa9889230fe647fbe0c4de9326548fd36c526895 a4bf80d820327f6e4f6763760ecce171428bae66 af3c6b570f21efee8bbe5f4fc64836ef8a71d6ce 2a59fd316f7e512c694ef59d8e9780083e00f9bf
This bug was referenced in samba v4-14-test: c51625b48308e3ac5f4e450e748fc17bdd9fb7bf ab38fec433f42cae11cd6d61a80c40fb57d017c3 74aca02a8f152cc99c32fb4e371a9db34772a5f7 13ba2002bc1d1407eb71a59dbe9d6bbfa153f249 1d181de02de351c106fbea694a922e39ffbbae63
Closing out bug report. Thanks!
This bug was referenced in samba v4-15-stable (Release samba-4.15.4): 058c8a5278dcf8b282225620ac5cb021095dcff6 3ffd53f9e7603e67d2f1efd1eb359a16b6ae77d8 aa9889230fe647fbe0c4de9326548fd36c526895 a4bf80d820327f6e4f6763760ecce171428bae66 af3c6b570f21efee8bbe5f4fc64836ef8a71d6ce 2a59fd316f7e512c694ef59d8e9780083e00f9bf
This bug was referenced in samba v4-14-stable (Release samba-4.14.13): c51625b48308e3ac5f4e450e748fc17bdd9fb7bf ab38fec433f42cae11cd6d61a80c40fb57d017c3 74aca02a8f152cc99c32fb4e371a9db34772a5f7 13ba2002bc1d1407eb71a59dbe9d6bbfa153f249 1d181de02de351c106fbea694a922e39ffbbae63