diff options
author | Stefan Metzmacher <metze@samba.org> | 2005-03-22 06:58:27 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:11:10 -0500 |
commit | 376b03ebd895b221b70058ee18bea50587388182 (patch) | |
tree | bec8112f9469c59b443e469a1a48bfff77169adb | |
parent | da5349dede9d4add974da3078437a8513a39bbae (diff) | |
download | samba-376b03ebd895b221b70058ee18bea50587388182.tar.gz samba-376b03ebd895b221b70058ee18bea50587388182.tar.bz2 samba-376b03ebd895b221b70058ee18bea50587388182.zip |
r5940: fix schannel against w2k, it skips the confounder in the signature (24 bytes) for singed packets
but it accepts 32 bytes from the client.
(w2k3 accept it the otherway arround too)
metze
(This used to be commit 08d4c3b9f8558ee40c73a22b3ec110b052f28110)
-rw-r--r-- | source4/libcli/auth/schannel.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c index a5521d4626..d582ff2dd0 100644 --- a/source4/libcli/auth/schannel.c +++ b/source4/libcli/auth/schannel.c @@ -158,7 +158,8 @@ NTSTATUS schannel_check_packet(struct schannel_state *state, uint8_t seq_num[8]; static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE; - if (sig->length != 32) { + /* w2k sends just 24 bytes and skip the confounder */ + if (sig->length != 32 && sig->length != 24) { return NT_STATUS_ACCESS_DENIED; } |