note to myself: schannel verifier from w2k8r2 size is not 0x20 (32) but 0x38 (56) (just as the NL_AUTH_SHA2_SIGNATURE (see ms-nrpc 2.2.1.3.3 and 2.2.1.3.2)). what we should do is to just cope with the larger buffer, check the seal and sign algorithms and ignore the remaining 12 bytes (if they are all zeroe - which they are).
Created attachment 4658 [details] fix schannel verifier validation for interdomain trusts with w2k8r2 dcs
Patch is in master now. Karolin, please pull for 3.4.1.
Pushed, will be included in 3.4.1. Closing out bug report. Thanks!
sorry, we need to have this fix in 3.3 as well.
Pushed to v3-3-test. Closing out bug report. Thanks!
There seems to be a NULL pointer deref in v3-3-test.
Created attachment 4936 [details] protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client.
Comment on attachment 4936 [details] protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client. Looks good
Created attachment 4937 [details] make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.
Comment on attachment 4937 [details] make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK. looks good
Ok, Karolin please pick the 2nd patch (protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client) to v3-3-test and the 3rd patch (make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.) to v3-3-test and v3-4-test.
Pushed. Closing out bug report. Thank! Karolin