[Bug 37527] New: Multiple games and applications fail to connect/login via SSL, reporting 'schannel failed to setup sequence detection' (Desura client, Darkfall, ARMA II multiplayer)
https://bugs.winehq.org/show_bug.cgi?id=37527
Bug ID: 37527 Summary: Multiple games and applications fail to connect/login via SSL, reporting 'schannel failed to setup sequence detection' (Desura client, Darkfall, ARMA II multiplayer) Product: Wine Version: 1.7.30 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: secur32 Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
found this while trying out Desura client for Windows.
The Linux client was discontinued/broken some time ago hence this might be useful for the 5 users left wanting to play with an up-to-date Desura :)
A quick search turned up some more hits on this error:
Desura -> https://forum.winehq.org/viewtopic.php?f=8&t=22986 ArmA II: Operation Arrowhead -> appdb, Multiplayer Darkfall -> reported multiple times in WineHQ forums, no resolution
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Desura
$ WINEDEBUG=+tid,+seh,+relay,+secur32 wine ./desura.exe >>log.txt 2>&1 ... 002e:trace:secur32:InitializeSecurityContextA 0x2638f68 0x2638f08 "secure.desura.com" 0x0000811c 0 0 0xba0e154 0 (nil) 0xba0e148 0x2637970 0x2638f10 002e:trace:secur32:schan_InitializeSecurityContextA 0x2638ef0 0x2638f20 "secure.desura.com" 33052 0 0 0xba0e154 0 (nil) 0xba0e148 0x2637970 0x2638f10 ... 002e:trace:secur32:schan_InitializeSecurityContextW 0x2638ef0 0x2638f20 L"secure.desura.com" 0x0000811c 0 0 0xba0e154 0 (nil) 0xba0e148 0x2637970 0x2638f10 002e:trace:secur32:dump_buffer_desc Buffer desc 0xba0e154: 002e:trace:secur32:dump_buffer_desc buffer 0: cbBuffer 258, BufferType 0x2 pvBuffer 0x2635b68 002e:trace:secur32:dump_buffer_desc buffer 1: cbBuffer 0, BufferType 0 pvBuffer (nil) 002e:trace:secur32:dump_buffer_desc Buffer desc 0xba0e148: 002e:trace:secur32:dump_buffer_desc buffer 0: cbBuffer 0, BufferType 0x2 pvBuffer (nil) 002e:trace:secur32:dump_buffer_desc buffer 1: cbBuffer 0, BufferType 0x11 pvBuffer (nil) 002e:trace:secur32:schan_InitializeSecurityContextW Using expected_size 258. ... 002e:trace:secur32:schan_imp_handshake Handshake completed ... 002e:trace:secur32:ApplyControlToken 0x2638f08 0xba0e178 ... 002e:Call KERNEL32.FormatMessageA(00001200,00000000,80090302,00000000,0ba0e040,000000ff,00000000) ret=017216ce 002e:Ret KERNEL32.FormatMessageA() retval=00000000 ret=017216ce ... 002e:trace:secur32:InitializeSecurityContextA 0x2638f68 0x2638f08 "secure.desura.com" 0x0000811c 0 0 (nil) 0 0x2638f08 0xba0e184 0x2637970 0x2638f10 002e:trace:secur32:schan_InitializeSecurityContextA 0x2638ef0 0x2638f20 "secure.desura.com" 33052 0 0 (nil) 0 0xba0e0c8 0xba0e184 0x2637970 0x2638f10 ... 002e:trace:secur32:schan_InitializeSecurityContextW 0x2638ef0 0x2638f20 L"secure.desura.com" 0x0000811c 0 0 (nil) 0 0xba0e0c8 0xba0e184 0x2637970 0x2638f10 002e:trace:secur32:dump_buffer_desc Buffer desc 0xba0e184: 002e:trace:secur32:dump_buffer_desc buffer 0: cbBuffer 0, BufferType 0 pvBuffer (nil) ... 002e:trace:secur32:DeleteSecurityContext 0x2638f08 002e:trace:secur32:schan_DeleteSecurityContext context_handle 0x2638f20 002e:trace:secur32:schan_gnutls_log <4> REC[0x7c701708]: Start of epoch cleanup 002e:trace:secur32:schan_gnutls_log <4> REC[0x7c701708]: End of epoch cleanup 002e:trace:secur32:schan_gnutls_log <4> REC[0x7c701708]: Epoch #1 freed ... 002e:trace:secur32:FreeCredentialsHandle 0x2638f68 002e:trace:secur32:schan_FreeCredentialsHandle phCredential 0x2638ef0 ... 002e:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,0ba0e204) ret=01009339 002e:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b83af77 ip=7b83af77 tid=002e 002e:trace:seh:raise_exception info[0]=19930520 002e:trace:seh:raise_exception info[1]=0ba0e248 002e:trace:seh:raise_exception info[2]=018261d0 002e:trace:seh:raise_exception eax=7b826e55 ebx=7b8be000 ecx=19930520 edx=0ba0e144 esi=0ba0e1e8 edi=0ba0e1b0 002e:trace:seh:raise_exception ebp=0ba0e188 esp=0ba0e124 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000283 002e:trace:seh:call_stack_handlers calling handler at 0x17f0d98 code=e06d7363 flags=1 ... 0023:Call user32.SetWindowTextW(000100ee,02635de8 L"Failed to login\n\nSSL connect error (https://secure.desura.com/3/memberlogin) [schannel: failed to setup sequence detection] [58.35]") ret=01a3af80 --- snip ---
I left out multiple non-failing 'InitializeSecurityContextA' calls, denoting different connection stages/phases.
The failing call to 'ApplyControlToken' returning 'SEC_E_UNSUPPORTED_FUNCTION' is mostly harmless. The last call to 'InitializeSecurityContextA' -> 'schan_InitializeSecurityContextA' also fails, returning 'SEC_E_INCOMPLETE_MESSAGE'. .
That's on the connection/protocol tear-down path (SSL close notify message).
--- snip --- ... 01732756 LEA EAX,DWORD PTR DS:[ECX+8] 01732759 MOV DWORD PTR SS:[ESP+18],0 01732761 PUSH EAX ; ptsExpiry 01732762 LEA EAX,DWORD PTR DS:[ESI+44] 01732765 MOV DWORD PTR SS:[ESP+38],0 0173276D PUSH EAX ; pfContextAttr 0173276E LEA EAX,DWORD PTR SS:[ESP+3C] 01732772 MOV DWORD PTR SS:[ESP+40],1 0173277A PUSH EAX ; pOutput 0173277B MOV EAX,DWORD PTR DS:[1834318] 01732780 PUSH ECX ; phNewContext 01732781 PUSH 0 ; Reserved2 = 0 01732783 PUSH 0 ; pInput = NULL 01732785 MOV EAX,DWORD PTR DS:[EAX+18] 01732788 PUSH 0 ; TargetDataRep = 0 0173278A PUSH 0 ; Reserved1 = NUL 0173278C PUSH DWORD PTR DS:[ESI+40] ; fContextReq = 0x811C 0173278F PUSH EDX ; pszTargetName = "secure.desura.com" 01732790 PUSH ECX ; phContext 01732791 PUSH DWORD PTR DS:[ESI+8] ; phCredential 01732794 CALL EAX ; InitializeSecurityContextA 01732796 TEST EAX,EAX ; eax = 0x80090318 01732798 JE SHORT webcore.017327A1 0173279A CMP EAX,90317 0173279F JNZ SHORT webcore.017327F6 ... --- snip ---
fContextReq = 0x811C -> ISC_REQ_STREAM | ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT
Unfortunately the failing protocol sequence on tear-down path wasn't even responsible for the problem. It took me some good hours to debug this out as the error code is internally maintained and propagated through some objects until the C++ exception is finally raised.
At one time during SSL connection sequence, the client code checks if the required context attributes are met. It specifically looks for 'ISC_RET_SEQUENCE_DETECT' while Wine returned 0x100 ('ISC_REQ_ALLOCATE_MEMORY').
Source: http://source.winehq.org/git/wine.git/blob/4d97b3232310d8a71610a5c97b9738fba...
--- snip --- 775 static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW( 776 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, 777 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, 778 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, 779 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry) 780 { ... 910 *pfContextAttr = 0; 911 if (ctx->req_ctx_attr & ISC_REQ_ALLOCATE_MEMORY) 912 *pfContextAttr |= ISC_RET_ALLOCATED_MEMORY; 913 914 return ret; 915 } --- snip ---
You need to handle (return) more context attributes, at least 'ISC_RET_SEQUENCE_DETECT', 'ISC_RET_REPLAY_DETECT', 'ISC_RET_CONFIDENTIALITY', 'ISC_RET_STREAM' in addition to 'ISC_RET_ALLOCATED_MEMORY'.
I tested a fix and it allows to login with Desura, visit market place, download games etc.
$ sha1sum DesuraInstaller.exe 8694863a4fe8989de4e57d249ba23e637dc36cd7 DesuraInstaller.exe
$ du -sh DesuraInstaller.exe 1.2M DesuraInstaller.exe
$ wine --version wine-1.7.30-112-g5d17f9b
Regards
https://bugs.winehq.org/show_bug.cgi?id=37527
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |http://www.desura.com/Desur | |aInstaller.exe
https://bugs.winehq.org/show_bug.cgi?id=37527
Sebastian Lackner sebastian@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |sebastian@fds-team.de
--- Comment #1 from Sebastian Lackner sebastian@fds-team.de --- Please note that after installing Desura you'll need to workaround bug 37536 first.
Confirming, the following patch helps:
https://github.com/wine-compholio/wine-staging/blob/master/patches/secur32-S...
I decided for the "minimal" fix to avoid regressions when apps expect specific flags not to be set (if there is any app like that?!). Will check if its possible to write some tests for that.
https://bugs.winehq.org/show_bug.cgi?id=37527
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |8729575112802b34c6509642187 | |b67d6873d2c47 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/8729575112802b34c650964218...
Thanks Sebastian
Regards
https://bugs.winehq.org/show_bug.cgi?id=37527
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #3 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.41.
https://bugs.winehq.org/show_bug.cgi?id=37527
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.desura.com/Desur |https://web.archive.org/web |aInstaller.exe |/20151028094647/http://www. | |desura.com/DesuraInstaller. | |exe
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
adding stable download link via Internet Archive for documentation.
https://web.archive.org/web/20151028094647/http://www.desura.com/DesuraInsta...
https://www.virustotal.com/gui/file/ccb0b41a0c1e2cab4275d7f4275ab29456888fc3...
$ sha1sum DesuraInstaller.exe a7dba809e121ba210bcfb0d298a2bf9bc89179ac DesuraInstaller.exe
$ du -sh DesuraInstaller.exe 40M DesuraInstaller.exe
Regards
-
wine-bugs@winehq.org -
WineHQ Bugzilla