[PATCH 8/9] kerberos: Don't include GSS_C_DCE_STYLE in default gss_init_sec_context() flags.
Hans Leidekker
hans at codeweavers.com
Thu Jan 25 06:12:43 CST 2018
On Thu, 2018-01-25 at 19:39 +0800, Dmitry Timoshkov wrote:
> > Hans Leidekker <hans at codeweavers.com> wrote:
>
> > > static ULONG flags_isc_req_to_gss( ULONG flags )
> > > {
> > > - ULONG ret = GSS_C_DCE_STYLE;
> > > + ULONG ret = 0;
> > > if (flags & ISC_REQ_DELEGATE) ret |= GSS_C_DELEG_FLAG;
> > > if (flags & ISC_REQ_MUTUAL_AUTH) ret |= GSS_C_MUTUAL_FLAG;
> > > if (flags & ISC_REQ_REPLAY_DETECT) ret |= GSS_C_REPLAY_FLAG;
> >
> > This breaks my tests:
> >
> > 0009:trace:secur32:EncryptMessage 0x32fca0 0 0x32fc64 0
> > 0009:trace:secur32:lsa_EncryptMessage 0x1307f8 0 0x32fc64 0)
> > 0009:trace:kerberos:kerberos_SpSealMessage (7cef1cb8 0x00000000 0x32fc64 0)
> > 0009:trace:kerberos:kerberos_SpSealMessage gss_wrap_iov returned 000d0000 minor status 00000016
> > 0009:fixme:kerberos:status_gss_to_sspi couldn't convert status 0x000d0000 to SECURITY_STATUS
> > kerberos.c:309: Test failed: got 80090304
> > kerberos.c:312: Test failed: wrong data
> > kerberos.c:315: Test failed: got 12000
> > kerberos.c:316: Test failed: buffer not modified
>
> Could you please provide the test sources along with the following log:
> KRB5_TRACE=/dev/stdout WINEDEBUG=+secur32 wine yourtest.exe
Attached log is from runnning this command with your debug patch applied:
KRB5_TRACE=/dev/stdout WINEDEBUG=+secur32,+kerberos ../../../tools/runtest -P wine -T ../../.. -M secur32.dll -p secur32_test.exe.so kerberos
> Also how are you testing kerberos SSP/AP? With my secur32 patches
> from the queue or something else?
Yes, this is against your secur32 patches. The server is a Windows 2008
domain controller. See the test source for more details.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kerbtest.diff
Type: text/x-patch
Size: 15607 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20180125/91d4d4e6/attachment-0001.bin>
-------------- next part --------------
0009:trace:secur32:SECUR32_initializeProviders
0009:trace:kerberos:SpLsaModeInitialize 0x10000,0x32e5a0,0x32e5b0,0x32e5a4
0009:trace:secur32:lsa_AllocateLsaHeap 9
0009:trace:secur32:lsa_AllocateLsaHeap 8
0009:trace:secur32:load_package L"Kerberos" => 0x7e850000, name "Kerberos", version 0x10000, api table 0x7e859500, table count 1
0009:trace:kerberos:kerberos_SpInitialize 1,(nil),(nil)
0009:trace:kerberos:SpUserModeInitialize 0x10000,0x32e5a8,0x32e5b4,0x32e5ac
0009:fixme:kerberos:kerberos_SpInstanceInit 65536,0x7edab3a0,(nil): stub
0009:trace:kerberos:kerberos_SpGetInfo 0x111de8
0009:trace:secur32:QuerySecurityPackageInfoA "Kerberos" 0x32fdac
kerberos.c:374: Test failed: got 008f3bbf
0009:trace:secur32:FreeCredentialsHandle (nil)
kerberos.c:132: setting up client
0009:trace:secur32:QuerySecurityPackageInfoA "Kerberos" 0x32fc80
0009:trace:secur32:AcquireCredentialsHandleA (null) "Kerberos" 2 (nil) (nil) (nil) (nil) 0x32fc98 0x32fcf0
0009:trace:secur32:lsa_AcquireCredentialsHandleA (null) "Kerberos" 0x2 (nil) (nil) (nil) 0x32fb78 0x32fcf0
0009:trace:secur32:lsa_AcquireCredentialsHandleW (null) L"Kerberos" 0x2 (nil) (nil) (nil) 0x32fb78 0x32fcf0
0009:trace:kerberos:kerberos_SpAcquireCredentialsHandle (<null> 0x00000002 (nil) (nil) (nil) (nil) 0x32fa40 0x32fcf0)
0009:trace:kerberos:kerberos_SpAcquireCredentialsHandle gss_acquire_cred returned 00000000 minor status 00000000
0009:trace:secur32:SECUR32_makeSecHandle 0x32fc98 0x111e08 0x32fb78
kerberos.c:152: setting up server
0009:trace:secur32:QuerySecurityPackageInfoA "Kerberos" 0x32fc80
0009:trace:secur32:AcquireCredentialsHandleA (null) "Kerberos" 1 (nil) (nil) (nil) (nil) 0x32fcc4 0x32fcf0
0009:trace:secur32:lsa_AcquireCredentialsHandleA (null) "Kerberos" 0x1 (nil) (nil) (nil) 0x32fb78 0x32fcf0
0009:trace:secur32:lsa_AcquireCredentialsHandleW (null) L"Kerberos" 0x1 (nil) (nil) (nil) 0x32fb78 0x32fcf0
0009:trace:kerberos:kerberos_SpAcquireCredentialsHandle (<null> 0x00000001 (nil) (nil) (nil) (nil) 0x32fa40 0x32fcf0)
0009:trace:kerberos:kerberos_SpAcquireCredentialsHandle gss_acquire_cred returned 00000000 minor status 00000000
0009:trace:secur32:SECUR32_makeSecHandle 0x32fcc4 0x111e08 0x32fb78
kerberos.c:174: running client for the first time
0009:trace:secur32:InitializeSecurityContextA 0x32fc98 (nil) "HTTP/wintest2.test.local at TEST.LOCAL" 0x0001001c 0 0 (nil) 0 0x32fca0 0x32fcb4 0x32fc80 0x32fcf0
0009:trace:secur32:lsa_InitializeSecurityContextA 0x1289a8 (nil) "HTTP/wintest2.test.local at TEST.LOCAL" 0x1001c 0 0 (nil) 0 0x32fb78 0x32fcb4 0x32fc80 0x32fcf0
0009:trace:secur32:lsa_InitializeSecurityContextW 0x1289a8 (nil) L"HTTP/wintest2.test.local at TEST.LOCAL" 0x1001c 0 0 (nil) 0 0x32fb78 0x32fcb4 0x32fc80 0x32fcf0
0009:trace:kerberos:kerberos_SpInitLsaModeContext (7c61ee18 0 L"HTTP/wintest2.test.local at TEST.LOCAL" 0x0001001c 0 (nil) 0x32fa44 0x32fcb4 0x32fc80 0x32fcf0 0x32fa43 (nil))
0009:trace:kerberos:name_sspi_to_gss gss_import_name returned 00000000 minor status 00000000
[24381] 1516881402.985007: Getting credentials wintest2 at TEST.LOCAL -> HTTP/wintest2.test.local at TEST.LOCAL using ccache FILE:/tmp/krb5cc_1000
[24381] 1516881402.985140: Retrieving wintest2 at TEST.LOCAL -> HTTP/wintest2.test.local at TEST.LOCAL from FILE:/tmp/krb5cc_1000 with result: 0/Success
[24381] 1516881402.985197: Creating authenticator for wintest2 at TEST.LOCAL -> HTTP/wintest2.test.local at TEST.LOCAL, seqnum 768277808, subkey rc4-hmac/1B2C, session key rc4-hmac/9D1C
0009:trace:kerberos:kerberos_SpInitLsaModeContext gss_init_sec_context returned 00000000 minor status 00000000 ret_flags 0000013c
0009:trace:secur32:SECUR32_makeSecHandle 0x32fca0 0x111e08 0x32fb78
kerberos.c:224: running communicate
kerberos.c:207: running server for the first time
0009:trace:secur32:AcceptSecurityContext 0x32fcc4 (nil) 0x32fcd4 0 0 0x32fccc 0x32fce0 0x32fc80 0x32fcf0
0009:trace:secur32:lsa_AcceptSecurityContext 0x12efd8 (nil) 0x32fcd4 0 0 0x32fb78 0x32fce0 0x32fc80 0x32fcf0
0009:trace:kerberos:kerberos_SpAcceptLsaModeContext (7c62f278 0 0x00000000 0 0x32fcd4 0x32fadc 0x32fce0 0x32fc80 0x32fcf0 0x32fadb (nil))
[24381] 1516881402.985478: Decrypted AP-REQ with server principal HTTP/wintest2.test.local at TEST.LOCAL: rc4-hmac/D058
[24381] 1516881402.985508: AP-REQ ticket: wintest2 at TEST.LOCAL -> HTTP/wintest2.test.local at TEST.LOCAL, session key rc4-hmac/9D1C
[24381] 1516881403.26313: Negotiated enctype based on authenticator: rc4-hmac
[24381] 1516881403.26337: Authenticator contains subkey: rc4-hmac/1B2C
0009:trace:kerberos:kerberos_SpAcceptLsaModeContext gss_accept_sec_context returned 00000000 minor status 00000000 ctxt_handle 0x7c62f8d8
0009:trace:secur32:SECUR32_makeSecHandle 0x32fccc 0x111e08 0x32fb78
kerberos.c:224: running communicate
kerberos.c:274: looping
0009:trace:secur32:QueryContextAttributesA 0x32fca0 0 0x32fc70
0009:trace:secur32:lsa_QueryContextAttributesA 0x12eff0 0 0x32fc70
0009:trace:secur32:lsa_QueryContextAttributesW 0x12eff0 0 0x32fc70
0009:trace:kerberos:kerberos_SpQueryContextAttributes (7c623a20 0 0x32fc70)
0009:trace:secur32:EncryptMessage 0x32fca0 0 0x32fc64 0
0009:trace:secur32:lsa_EncryptMessage 0x12eff0 0 0x32fc64 0)
0009:trace:kerberos:kerberos_SpSealMessage (7c623a20 0x00000000 0x32fc64 0)
0009:trace:kerberos:kerberos_SpSealMessage gss_wrap_iov returned 000d0000 minor status 00000016
0009:trace:kerberos:trace_gss_status_ex GSS-API error: 0x000d0000: "Unspecified GSS failure. Minor code may provide more information"
0009:trace:kerberos:trace_gss_status_ex GSS-API error: 0x00000016: "Invalid argument"
0009:fixme:kerberos:status_gss_to_sspi couldn't convert status 0x000d0000 to SECURITY_STATUS
kerberos.c:309: Test failed: got 80090304
kerberos.c:312: Test failed: wrong data
kerberos.c:315: Test failed: got 12000
kerberos.c:316: Test failed: buffer not modified
0009:trace:secur32:DecryptMessage 0x32fccc 0x32fc64 0 (nil)
0009:trace:secur32:lsa_DecryptMessage 0x134e00 0x32fc64 0 (nil))
0009:trace:kerberos:kerberos_SpUnsealMessage (7c62f8d8 0x32fc64 0 (nil))
kerberos.c:319: Test failed: got 80090301
0009:trace:secur32:MakeSignature 0x32fca0 0 0x32fc64 0
0009:trace:secur32:lsa_MakeSignature 0x12eff0 0 0x32fc64 0)
0009:trace:kerberos:kerberos_SpMakeSignature (7c623a20 0x00000000 0x32fc64 0)
0009:trace:kerberos:kerberos_SpMakeSignature gss_get_mic returned 00000000 minor status 00000000
kerberos.c:342: Test succeeded inside todo block: got 37
0009:trace:secur32:VerifySignature 0x32fccc 0x32fc64 0 (nil)
0009:trace:secur32:lsa_VerifySignature 0x134e00 0x32fc64 0 (nil))
0009:trace:kerberos:kerberos_SpVerifySignature (7c62f8d8 0x32fc64 0 (nil))
0009:trace:kerberos:kerberos_SpVerifySignature gss_verify_mic returned 00000000 minor status 00000000
0009:trace:secur32:DeleteSecurityContext 0x32fca0
0009:trace:secur32:lsa_DeleteSecurityContext 0x12eff0
0009:trace:kerberos:kerberos_SpDeleteContext (7c623a20)
0009:trace:kerberos:kerberos_SpDeleteContext gss_delete_sec_context returned 00000000 minor status 00000000
0009:trace:secur32:DeleteSecurityContext 0x32fccc
0009:trace:secur32:lsa_DeleteSecurityContext 0x134e00
0009:trace:kerberos:kerberos_SpDeleteContext (7c62f8d8)
0009:trace:kerberos:kerberos_SpDeleteContext gss_delete_sec_context returned 00000000 minor status 00000000
0009:trace:secur32:FreeCredentialsHandle 0x32fc98
0009:trace:secur32:lsa_FreeCredentialsHandle 0x1289a8
0009:trace:kerberos:kerberos_SpFreeCredentialsHandle (7c61ee18)
0009:trace:kerberos:kerberos_SpFreeCredentialsHandle gss_release_cred returned 00000000 minor status 00000000
0009:trace:secur32:FreeCredentialsHandle 0x32fcc4
0009:trace:secur32:lsa_FreeCredentialsHandle 0x12efd8
0009:trace:kerberos:kerberos_SpFreeCredentialsHandle (7c62f278)
0009:trace:kerberos:kerberos_SpFreeCredentialsHandle gss_release_cred returned 00000000 minor status 00000000
0008:kerberos: 42 tests executed (0 marked as todo, 7 failures), 0 skipped.
More information about the wine-devel
mailing list