Parts of the Samba RPC client and server code misinterpret authenticated packets. DCE authenticated packets actually look like this:

+--------------------------+
|header                    |
| ... frag_len (packet len)|
| ... auth_len             |
+--------------------------+
|                          |
| Data payload             |
...                     ....
|                          |
+--------------------------+
|                          |
| auth_pad_len bytes       |
+--------------------------+
|                          |
| Auth footer              |
| auth_pad_len value       |
+--------------------------+
|                          |
| Auth payload             |
+--------------------------+

That's right. The pad bytes come *before* the footer specifying how many pad bytes there are. In order to read this you must seek to the end of the packet and subtract the auth_len (in the packet header) and the auth footer length (a known value).

The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long as the pad alignment is on an 8 byte boundary (there are some special cases in the code for this). Tridge discovered there are some (DRS replication) cases on 64-bit machines where the pad alignment is on a 16-byte boundary. This breaks the existing S3 hand-optimized rpc code.

I have a patch for 3.5.x (and master) that removes all the special cases in client and server code, and allows the pad alignment for generated packets to be specified by changing a constant in include/local.h (this doesn't affect received packets, the new code always handles them correctly whatever pad alignment is used).

Jeremy.
NB. In the above diagram, "Auth payload" is of length "auth_len" (from the packet header). Re-assigning to Jeremy to attach the patch.
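The seek-from-the-end read described in the two comments above, as an added example that is not Samba's code and not part of the attached patch. It assumes the standard 8-byte DCE/RPC auth footer with auth_pad_len as its third byte; the names locate_auth, auth_view and demo are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN      16 /* DCE/RPC common header */
#define AUTH_FTR_LEN  8 /* fixed-size auth footer (assumed standard layout) */

struct auth_view { size_t data_len, pad_len, footer_off, auth_off; };

static size_t rd16(const uint8_t *p, int le)
{
    return le ? (size_t)(p[0] | (p[1] << 8)) : (size_t)((p[0] << 8) | p[1]);
}

/* body_off: where the data payload starts (24 for request/response PDUs).
 * Returns 0 and fills *v, or -1 if the lengths are inconsistent. */
int locate_auth(const uint8_t *pkt, size_t len, size_t body_off,
                struct auth_view *v)
{
    if (len < HDR_LEN || body_off < HDR_LEN) return -1;
    int le = pkt[4] & 0x10;                 /* drep: integer byte order */
    size_t frag_len = rd16(pkt + 8, le);
    size_t auth_len = rd16(pkt + 10, le);
    if (frag_len > len || frag_len < body_off || auth_len == 0) return -1;
    if (auth_len + AUTH_FTR_LEN > frag_len - body_off) return -1;
    /* Seek from the END: the footer sits just before the auth payload. */
    v->auth_off = frag_len - auth_len;
    v->footer_off = v->auth_off - AUTH_FTR_LEN;
    v->pad_len = pkt[v->footer_off + 2];    /* auth_pad_len value */
    /* Never trust the pad count: it must fit inside the data area. */
    if (v->pad_len > v->footer_off - body_off) return -1;
    v->data_len = v->footer_off - body_off - v->pad_len;
    return 0;
}

/* Constructed sample: 24-byte header, 20 data bytes, `pad` pad bytes,
 * footer claiming `claimed_pad`, 16-byte auth payload.
 * Returns the recovered data length, or -1 if the packet is rejected. */
long demo(unsigned pad, unsigned claimed_pad)
{
    uint8_t pkt[128] = {5, 0, 0, 3, 0x10};  /* v5.0, request, little-endian */
    size_t frag = 24 + 20 + pad + AUTH_FTR_LEN + 16;
    struct auth_view v;
    pkt[8] = (uint8_t)frag; pkt[10] = 16;   /* frag_len, auth_len (LE) */
    pkt[24 + 20 + pad + 2] = (uint8_t)claimed_pad;
    if (locate_auth(pkt, frag, 24, &v) != 0) return -1;
    return (long)v.data_len;
}
```

Because the pad count is read from the footer rather than derived from an assumed alignment, the 8-byte case (pad 4) and the 16-byte case (pad 12) recover the same 20 data bytes.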
Created attachment 5372: git-am patch for 3.5.x
Patch for 3.5.x. Which "x" we chose in this case I leave up to the reviewers :-). Jeremy.
Comment on attachment 5372: git-am patch for 3.5.x
Adding metze to review list.
Comment on attachment 5372: git-am patch for 3.5.x
Adding Guenther to the review list.
Created attachment 5389: Second git-am fix for 3.5.x.
Second part of fix. Ensure we calculate the space correctly (including the ss_padding_len) when constructing reply packets.
Created attachment 5390: git-am patch for 3.5.x.
Jumbo patch that contains all fixes applied to master as one git-am fix. Actually easier to understand this way as it removes intermediate incorrect space calculations from the patch stream. If I need to add any more fixes to master I'll keep this jumbo patch updated. Jeremy.
Is there a chance to get this one into 3.5.4?
This is fixed in all current releases