Bug 6697 - interdomain trusts broken with w2k8r2
Summary: interdomain trusts broken with w2k8r2
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control
Version: 3.4.0
Hardware: Other Windows 2008 R2
: P3 critical
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2009-09-07 11:03 UTC by Guenther Deschner
Modified: 2009-11-11 07:42 UTC
Attachments
fix schannel verifier validation for interdomain trusts with w2k8r2 dcs (1.60 KB, patch)
2009-09-08 05:02 UTC, Guenther Deschner
metze: review+
protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client. (836 bytes, patch)
2009-11-10 04:08 UTC, Guenther Deschner
metze: review+
make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK. (1.06 KB, patch)
2009-11-10 09:11 UTC, Guenther Deschner
metze: review+

Description Guenther Deschner 2009-09-07 11:03:59 UTC
note to myself: schannel verifier from w2k8r2 size is not 0x20 (32) but 0x38 (56) (just as the NL_AUTH_SHA2_SIGNATURE (see MS-NRPC 2.2.1.3.3 and 2.2.1.3.2)). what we should do is to just cope with the larger buffer, check the seal and sign algorithms and ignore the remaining 12 bytes (if they are all zero - which they are).
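The framing check described in the report above, as an added C example that is not part of the bug thread or of the Samba patch. The helper name `check_schannel_verifier` is hypothetical, the header byte values are the HMAC-MD5/RC4 algorithm identifiers from MS-NRPC 2.2.1.3.2, and treating every byte past the first 0x20 as padding that must be zero is an assumption about the layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VERIFIER_LEN_LEGACY 0x20 /* size the report says was expected */
#define VERIFIER_LEN_W2K8R2 0x38 /* size the report says w2k8r2 sends */

/* First 8 bytes: SignatureAlgorithm, SealAlgorithm, Pad, Flags as
 * little-endian 16-bit fields (MS-NRPC 2.2.1.3.2).
 * 0x0077 = HMAC-MD5, 0x007A = RC4, 0xFFFF = no sealing. */
static const uint8_t SIGN_HDR[8] = {0x77, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00};
static const uint8_t SEAL_HDR[8] = {0x77, 0x00, 0x7a, 0x00, 0xff, 0xff, 0x00, 0x00};

enum verifier_result { VERIFIER_OK, VERIFIER_BAD_LEN, VERIFIER_BAD_ALGS, VERIFIER_BAD_PAD };

/* Hypothetical helper (not a Samba function). */
enum verifier_result check_schannel_verifier(const uint8_t *buf, size_t len, int want_seal)
{
    size_t i;

    /* Accept only the two sizes named in the report. */
    if (buf == NULL || (len != VERIFIER_LEN_LEGACY && len != VERIFIER_LEN_W2K8R2))
        return VERIFIER_BAD_LEN;
    /* The algorithm ids must match the protection level that was negotiated. */
    if (memcmp(buf, want_seal ? SEAL_HDR : SIGN_HDR, 8) != 0)
        return VERIFIER_BAD_ALGS;
    /* Assumption: bytes past the first 0x20 are padding; ignore them only if all zero. */
    for (i = VERIFIER_LEN_LEGACY; i < len; i++)
        if (buf[i] != 0)
            return VERIFIER_BAD_PAD;
    return VERIFIER_OK;
}

/* Constructed sample: a 0x38-byte sealed verifier with filler sequence/checksum/confounder. */
enum verifier_result demo_w2k8r2_verifier(void)
{
    uint8_t v[VERIFIER_LEN_W2K8R2] = {0};
    memcpy(v, SEAL_HDR, sizeof(SEAL_HDR));
    memset(v + 8, 0xAB, VERIFIER_LEN_LEGACY - 8);
    return check_schannel_verifier(v, sizeof(v), 1);
}

int main(void)
{
    printf("w2k8r2-sized verifier: %d\n", demo_w2k8r2_verifier());
    return 0;
}
```

This covers only the length and algorithm checks; the sequence number and checksum still have to be verified before the PDU is trusted.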
Comment 1 Guenther Deschner 2009-09-08 05:02:47 UTC
Created attachment 4658
fix schannel verifier validation for interdomain trusts with w2k8r2 dcs
Comment 2 Guenther Deschner 2009-09-08 05:36:07 UTC
Patch is in master now.

Karolin, please pull for 3.4.1.
Comment 3 Karolin Seeger 2009-09-08 05:40:54 UTC
Pushed, will be included in 3.4.1.
Closing out bug report.

Thanks!
Comment 4 Guenther Deschner 2009-09-08 09:18:05 UTC
sorry, we need to have this fix in 3.3 as well.
Comment 5 Karolin Seeger 2009-09-08 09:24:31 UTC
Pushed to v3-3-test.
Closing out bug report.

Thanks!
Comment 6 Guenther Deschner 2009-11-10 04:07:47 UTC
There seems to be a NULL pointer deref in v3-3-test.
Comment 7 Guenther Deschner 2009-11-10 04:08:54 UTC
Created attachment 4936
protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client.
Comment 8 Stefan Metzmacher 2009-11-10 04:32:21 UTC
Comment on attachment 4936
protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client.

Looks good
Comment 9 Guenther Deschner 2009-11-10 09:11:19 UTC
Created attachment 4937
make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.
Comment 10 Stefan Metzmacher 2009-11-10 09:48:56 UTC
Comment on attachment 4937
make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.

looks good
Comment 11 Guenther Deschner 2009-11-11 06:24:21 UTC
Ok, Karolin please pick the 2nd patch (protect rpc_pipe_np_smb_conn against a NULL struct rpc_pipe_client) to v3-3-test and the 3rd patch (make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.) to v3-3-test and v3-4-test.
Comment 12 Karolin Seeger 2009-11-11 07:42:18 UTC
Pushed. Closing out bug report.

Thanks!

Karolin