summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2005-03-22 06:58:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:11:10 -0500
commit376b03ebd895b221b70058ee18bea50587388182 (patch)
treebec8112f9469c59b443e469a1a48bfff77169adb
parentda5349dede9d4add974da3078437a8513a39bbae (diff)
downloadsamba-376b03ebd895b221b70058ee18bea50587388182.tar.gz
samba-376b03ebd895b221b70058ee18bea50587388182.tar.bz2
samba-376b03ebd895b221b70058ee18bea50587388182.zip
r5940: fix schannel against w2k, it skips the confounder in the signature (24 bytes) for singed packets
but it accepts 32 bytes from the client. (w2k3 accept it the otherway arround too) metze (This used to be commit 08d4c3b9f8558ee40c73a22b3ec110b052f28110)
-rw-r--r--source4/libcli/auth/schannel.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c
index a5521d4626..d582ff2dd0 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -158,7 +158,8 @@ NTSTATUS schannel_check_packet(struct schannel_state *state,
uint8_t seq_num[8];
static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
- if (sig->length != 32) {
+ /* w2k sends just 24 bytes and skip the confounder */
+ if (sig->length != 32 && sig->length != 24) {
return NT_STATUS_ACCESS_DENIED;
}