summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2003-05-11 08:08:25 +0000
committerVolker Lendecke <vlendec@samba.org>2003-05-11 08:08:25 +0000
commit914ef37419ebc8660fed3bb645f990ce27295d34 (patch)
treea8332e8dd05ba588f26e0cd9ab038bbc65ec54a1
parent690641e8cc0366e45dd796063fba10a9b63084e1 (diff)
downloadsamba-914ef37419ebc8660fed3bb645f990ce27295d34.tar.gz
samba-914ef37419ebc8660fed3bb645f990ce27295d34.tar.bz2
samba-914ef37419ebc8660fed3bb645f990ce27295d34.zip
Ok, this is a hack. On a netsec bind reply I did not see anything
useful in the auth verifier yet. So this patch ignores it. Really checking this would be a lot more intrusive: in rpc_api_pipe we would have to distinguish between binds and normal requests, or have more state in the netsec info of cli_state, which is also somewhat hackish. Volker (This used to be commit 8de04fcf680a9bc5054965577eb500e0541ffe66)
-rw-r--r--source3/rpc_client/cli_pipe.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 223d6a707e..4f465d7453 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -307,6 +307,26 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata,
prs_struct auth_verf;
if (auth_len != RPC_AUTH_NETSEC_CHK_LEN) {
+
+ if ( (auth_len == 12) &&
+ (cli->auth_info.seq_num == 0) ) {
+
+ /* This is the reply to our bind. Ok,
+ the sequence number can wrap
+ around. But this only means that
+ every 4 billion request we
+ misdetect a wrong length in a
+ reply. This is an error condition
+ which will lead to failure anyway
+ later.
+
+ The reply contains a
+ RPC_AUTH_VERIFIER with no content
+ (12 bytes), so ignore it.
+ */
+ return True;
+ }
+
DEBUG(0,("rpc_auth_pipe: wrong schannel auth len %d\n", auth_len));
return False;
}