Bug 7890 - cifs-util: GSSAPI 0x8003 checksum uses wrong channel bindings
Summary: cifs-util: GSSAPI 0x8003 checksum uses wrong channel bindings
Status: RESOLVED FIXED
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: user space tools (show other bugs)
Version: 2.6
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Jeff Layton
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-27 10:07 UTC by Stefan Metzmacher
Modified: 2011-02-01 13:03 UTC (History)
3 users (show)

See Also:


Attachments
Patches to use krb5_auth_con_set_req_cksumtype() (4.96 KB, patch)
2010-12-27 14:33 UTC, Stefan Metzmacher
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2010-12-27 10:07:28 UTC
Some closed source SMB servers, check the gssapi channel bindings,
and don't support the address type 255 for null bindings.

Both heimdal and mit use 16 zero bytes instead of a md5 checksum
of the channel bindings.

See also:
https://bugzilla.redhat.com/show_bug.cgi?id=645127
https://bugzilla.redhat.com/show_bug.cgi?id=622790
Comment 1 Stefan Metzmacher 2010-12-27 14:33:57 UTC
Created attachment 6171 [details]
Patches to use krb5_auth_con_set_req_cksumtype()
Comment 2 Jeff Layton 2010-12-27 19:46:43 UTC
Thanks Metze, any chance you could post these to the linux-cifs mailing list with a description of the problem? They look fine at first glance, aside from the bare 0x8003. It seems like that ought to have a #define'd constant added with a descriptive name.
Comment 3 Stefan Metzmacher 2010-12-28 02:54:26 UTC
Done, but I've extended the comment to explain where 0x8003 is comming from
(RFC 4121), instead of adding a define, which would be only used in one place.
Comment 4 Jeff Layton 2011-02-01 13:03:03 UTC
This is now in cifs-utils-4.8.1. Closing bug as FIXED.