On 1/25/24 11:01 AM, David Mulder via cifs-protocol wrote:
> I just discovered something interesting. If I take the transport key and certificate from the PowerShell on Windows join, then transfer it to my Linux code, then I get a valid session_key_jwe in the PRT response. So something about the join is breaking the PRT.
I discovered what was causing the problem. In the join request I was inserting the TransportKey as a Jwk. The request was actually expecting a MS CNG key blob. So Azure parsed the Jwk as a CNG Blob, then stored that garbage somewhere. This left it with a public portion of the transport key that was longer than it was supposed to be.
Azure should be checking that the TransportKey is something sensible, instead of blindly accepting it.
--
David Mulder
Labs Software Engineer, Samba
SUSE
1221 S Valley Grove Way, Suite 500
Pleasant Grove, UT 84062
(P)+1 385.208.2989
dmul...@suse.com
http://www.suse.com