r1134: added a TODO regarding schannel credentials

(This used to be commit 17dacf494ac25bb6d9f6dea8cb81968ea2b84c55)
author: Andrew Tridgell <tridge@samba.org> 2004-06-14 07:28:05 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:56:39 -0500
commit: 791ee4a58110fc25d5f66e0e21372c766e400bd0 (patch)
tree: 54b5ae38cbc5b1aada3bb6f0662deed2230d76a3
parent: 004a9979a974775b6c94eabf5c9e7674d31a150a (diff)
download: samba-791ee4a58110fc25d5f66e0e21372c766e400bd0.tar.gz
samba-791ee4a58110fc25d5f66e0e21372c766e400bd0.tar.bz2
samba-791ee4a58110fc25d5f66e0e21372c766e400bd0.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 1d4db74633..60feee7884 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -270,7 +270,8 @@ BOOL creds_server_step_check(struct creds_CredentialState *creds,
 			     struct netr_Authenticator *received_authenticator,
 			     struct netr_Authenticator *return_authenticator) 
 {
-	/* Should we check that this is increasing? */
+	/* TODO: this may allow the a replay attack on a non-signed
+	   connection. Should we check that this is increasing? */
 	creds->sequence = received_authenticator->timestamp;
 	creds_step(creds);
 	if (creds_server_check(creds, &received_authenticator->cred)) {
author	Andrew Tridgell <tridge@samba.org>	2004-06-14 07:28:05 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:56:39 -0500
commit	791ee4a58110fc25d5f66e0e21372c766e400bd0 (patch)
tree	54b5ae38cbc5b1aada3bb6f0662deed2230d76a3
parent	004a9979a974775b6c94eabf5c9e7674d31a150a (diff)
download	samba-791ee4a58110fc25d5f66e0e21372c766e400bd0.tar.gz samba-791ee4a58110fc25d5f66e0e21372c766e400bd0.tar.bz2 samba-791ee4a58110fc25d5f66e0e21372c766e400bd0.zip