Bug 7883 - GSSAPI 0x8003 checksum uses wrong channel bindings
Summary: GSSAPI 0x8003 checksum uses wrong channel bindings
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.5.6
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL: https://bugzilla.redhat.com/show_bug....
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-23 01:16 UTC by Stefan Metzmacher
Modified: 2011-01-08 10:06 UTC (History)
4 users (show)

See Also:


Attachments
Backport Patch for v3-5-test (4.34 KB, patch)
2010-12-23 11:53 UTC, Stefan Metzmacher
metze: review? (jra)
gd: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2010-12-23 01:16:26 UTC
Some closed source SMB servers, check the gssapi channel bindings,
and don't support the address type 255 for null bindings.

Both heimdal and mit use 16 zero bytes instead of a md5 checksum
of the channel bindings.

See also:
https://bugzilla.redhat.com/show_bug.cgi?id=645127
https://bugzilla.redhat.com/show_bug.cgi?id=622790
Comment 1 Stefan Metzmacher 2010-12-23 11:53:15 UTC
Created attachment 6164 [details]
Backport Patch for v3-5-test

This revert some of the changes for
https://bugzilla.samba.org/show_bug.cgi?id=7583

But we match the behavior of windows, heimdal and mit now.
Comment 2 Stefan Metzmacher 2010-12-31 13:17:25 UTC
Jeremy, the new behavior matches RFC 4121...

Can you please ack the patch? 
Comment 3 Guenther Deschner 2011-01-06 04:40:58 UTC
Comment on attachment 6164 [details]
Backport Patch for v3-5-test

looks good and has been successfully tested (see redhat bug)
Comment 4 Guenther Deschner 2011-01-06 04:41:28 UTC
Karolin, please pick for 3.5.x
Comment 5 Karolin Seeger 2011-01-08 10:06:11 UTC
Pushed to v3-5-test.
Closing out bug report.

Thanks!