[Bug 37527] New: Multiple games and applications fail to connect/login via SSL, reporting 'schannel failed to setup sequence detection' (Desura client, Darkfall, ARMA II multiplayer)
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Nov 9 09:08:13 CST 2014
https://bugs.winehq.org/show_bug.cgi?id=37527
Bug ID: 37527
Summary: Multiple games and applications fail to connect/login
via SSL, reporting 'schannel failed to setup sequence
detection' (Desura client, Darkfall, ARMA II
multiplayer)
Product: Wine
Version: 1.7.30
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: secur32
Assignee: wine-bugs at winehq.org
Reporter: focht at gmx.net
Distribution: ---
Hello folks,
found this while trying out Desura client for Windows.
The Linux client was discontinued/broken some time ago hence this might be
useful for the 5 users left wanting to play with an up-to-date Desura :)
A quick search turned up some more hits on this error:
Desura -> https://forum.winehq.org/viewtopic.php?f=8&t=22986
ArmA II: Operation Arrowhead -> appdb, Multiplayer
Darkfall -> reported multiple times in WineHQ forums, no resolution
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Desura
$ WINEDEBUG=+tid,+seh,+relay,+secur32 wine ./desura.exe >>log.txt 2>&1
...
002e:trace:secur32:InitializeSecurityContextA 0x2638f68 0x2638f08
"secure.desura.com" 0x0000811c 0 0 0xba0e154 0 (nil) 0xba0e148 0x2637970
0x2638f10
002e:trace:secur32:schan_InitializeSecurityContextA 0x2638ef0 0x2638f20
"secure.desura.com" 33052 0 0 0xba0e154 0 (nil) 0xba0e148 0x2637970 0x2638f10
...
002e:trace:secur32:schan_InitializeSecurityContextW 0x2638ef0 0x2638f20
L"secure.desura.com" 0x0000811c 0 0 0xba0e154 0 (nil) 0xba0e148 0x2637970
0x2638f10
002e:trace:secur32:dump_buffer_desc Buffer desc 0xba0e154:
002e:trace:secur32:dump_buffer_desc buffer 0: cbBuffer 258, BufferType 0x2
pvBuffer 0x2635b68
002e:trace:secur32:dump_buffer_desc buffer 1: cbBuffer 0, BufferType 0
pvBuffer (nil)
002e:trace:secur32:dump_buffer_desc Buffer desc 0xba0e148:
002e:trace:secur32:dump_buffer_desc buffer 0: cbBuffer 0, BufferType 0x2
pvBuffer (nil)
002e:trace:secur32:dump_buffer_desc buffer 1: cbBuffer 0, BufferType 0x11
pvBuffer (nil)
002e:trace:secur32:schan_InitializeSecurityContextW Using expected_size 258.
...
002e:trace:secur32:schan_imp_handshake Handshake completed
...
002e:trace:secur32:ApplyControlToken 0x2638f08 0xba0e178
...
002e:Call
KERNEL32.FormatMessageA(00001200,00000000,80090302,00000000,0ba0e040,000000ff,00000000)
ret=017216ce
002e:Ret KERNEL32.FormatMessageA() retval=00000000 ret=017216ce
...
002e:trace:secur32:InitializeSecurityContextA 0x2638f68 0x2638f08
"secure.desura.com" 0x0000811c 0 0 (nil) 0 0x2638f08 0xba0e184 0x2637970
0x2638f10
002e:trace:secur32:schan_InitializeSecurityContextA 0x2638ef0 0x2638f20
"secure.desura.com" 33052 0 0 (nil) 0 0xba0e0c8 0xba0e184 0x2637970 0x2638f10
...
002e:trace:secur32:schan_InitializeSecurityContextW 0x2638ef0 0x2638f20
L"secure.desura.com" 0x0000811c 0 0 (nil) 0 0xba0e0c8 0xba0e184 0x2637970
0x2638f10
002e:trace:secur32:dump_buffer_desc Buffer desc 0xba0e184:
002e:trace:secur32:dump_buffer_desc buffer 0: cbBuffer 0, BufferType 0
pvBuffer (nil)
...
002e:trace:secur32:DeleteSecurityContext 0x2638f08
002e:trace:secur32:schan_DeleteSecurityContext context_handle 0x2638f20
002e:trace:secur32:schan_gnutls_log <4> REC[0x7c701708]: Start of epoch cleanup
002e:trace:secur32:schan_gnutls_log <4> REC[0x7c701708]: End of epoch cleanup
002e:trace:secur32:schan_gnutls_log <4> REC[0x7c701708]: Epoch #1 freed
...
002e:trace:secur32:FreeCredentialsHandle 0x2638f68
002e:trace:secur32:schan_FreeCredentialsHandle phCredential 0x2638ef0
...
002e:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,0ba0e204)
ret=01009339
002e:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b83af77
ip=7b83af77 tid=002e
002e:trace:seh:raise_exception info[0]=19930520
002e:trace:seh:raise_exception info[1]=0ba0e248
002e:trace:seh:raise_exception info[2]=018261d0
002e:trace:seh:raise_exception eax=7b826e55 ebx=7b8be000 ecx=19930520
edx=0ba0e144 esi=0ba0e1e8 edi=0ba0e1b0
002e:trace:seh:raise_exception ebp=0ba0e188 esp=0ba0e124 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00000283
002e:trace:seh:call_stack_handlers calling handler at 0x17f0d98 code=e06d7363
flags=1
...
0023:Call user32.SetWindowTextW(000100ee,02635de8 L"Failed to login\n\nSSL
connect error (https://secure.desura.com/3/memberlogin) [schannel: failed to
setup sequence detection] [58.35]") ret=01a3af80
--- snip ---
I left out multiple non-failing 'InitializeSecurityContextA' calls, denoting
different connection stages/phases.
The failing call to 'ApplyControlToken' returning 'SEC_E_UNSUPPORTED_FUNCTION'
is mostly harmless.
The last call to 'InitializeSecurityContextA' ->
'schan_InitializeSecurityContextA' also fails, returning
'SEC_E_INCOMPLETE_MESSAGE'. .
That's on the connection/protocol tear-down path (SSL close notify message).
--- snip ---
...
01732756 LEA EAX,DWORD PTR DS:[ECX+8]
01732759 MOV DWORD PTR SS:[ESP+18],0
01732761 PUSH EAX ; ptsExpiry
01732762 LEA EAX,DWORD PTR DS:[ESI+44]
01732765 MOV DWORD PTR SS:[ESP+38],0
0173276D PUSH EAX ; pfContextAttr
0173276E LEA EAX,DWORD PTR SS:[ESP+3C]
01732772 MOV DWORD PTR SS:[ESP+40],1
0173277A PUSH EAX ; pOutput
0173277B MOV EAX,DWORD PTR DS:[1834318]
01732780 PUSH ECX ; phNewContext
01732781 PUSH 0 ; Reserved2 = 0
01732783 PUSH 0 ; pInput = NULL
01732785 MOV EAX,DWORD PTR DS:[EAX+18]
01732788 PUSH 0 ; TargetDataRep = 0
0173278A PUSH 0 ; Reserved1 = NUL
0173278C PUSH DWORD PTR DS:[ESI+40] ; fContextReq = 0x811C
0173278F PUSH EDX ; pszTargetName = "secure.desura.com"
01732790 PUSH ECX ; phContext
01732791 PUSH DWORD PTR DS:[ESI+8] ; phCredential
01732794 CALL EAX ; InitializeSecurityContextA
01732796 TEST EAX,EAX ; eax = 0x80090318
01732798 JE SHORT webcore.017327A1
0173279A CMP EAX,90317
0173279F JNZ SHORT webcore.017327F6
...
--- snip ---
fContextReq = 0x811C -> ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY |
ISC_REQ_CONFIDENTIALITY | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT
Unfortunately the failing protocol sequence on tear-down path wasn't even
responsible for the problem.
It took me some good hours to debug this out as the error code is internally
maintained and propagated through some objects until the C++ exception is
finally raised.
At one time during SSL connection sequence, the client code checks if the
required context attributes are met.
It specifically looks for 'ISC_RET_SEQUENCE_DETECT' while Wine returned 0x100
('ISC_REQ_ALLOCATE_MEMORY').
Source:
http://source.winehq.org/git/wine.git/blob/4d97b3232310d8a71610a5c97b9738fbad8b5482:/dlls/secur32/schannel.c#l775
--- snip ---
775 static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
776 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
777 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
778 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
779 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
780 {
...
910 *pfContextAttr = 0;
911 if (ctx->req_ctx_attr & ISC_REQ_ALLOCATE_MEMORY)
912 *pfContextAttr |= ISC_RET_ALLOCATED_MEMORY;
913
914 return ret;
915 }
--- snip ---
You need to handle (return) more context attributes, at least
'ISC_RET_SEQUENCE_DETECT', 'ISC_RET_REPLAY_DETECT', 'ISC_RET_CONFIDENTIALITY',
'ISC_RET_STREAM' in addition to 'ISC_RET_ALLOCATED_MEMORY'.
I tested a fix and it allows to login with Desura, visit market place, download
games etc.
$ sha1sum DesuraInstaller.exe
8694863a4fe8989de4e57d249ba23e637dc36cd7 DesuraInstaller.exe
$ du -sh DesuraInstaller.exe
1.2M DesuraInstaller.exe
$ wine --version
wine-1.7.30-112-g5d17f9b
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list