From cebd9a9013a76073c3035b74175d228116fc7e48 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 22 Sep 2008 14:23:22 -0700
Subject: This torture test and skipping of the server-side check was bogus.

The IDL is declared to force the MessageType to 3 on output, so we
instead checked the same thing 255 times...

Andrew Bartlett
---
 source4/kdc/kdc.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'source4/kdc/kdc.c')

diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 307c39a43c..030eb23c10 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -584,13 +584,11 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
-#if 0
-	/* Windows does not check this */
 	if (pac_validate.MessageType != 3) {
 		/* We don't implement any other message types - such as certificate validation - yet */
 		return NT_STATUS_INVALID_PARAMETER;
 	}
-#endif	
+
 	if (pac_validate.ChecksumAndSignature.length != (pac_validate.ChecksumLength + pac_validate.SignatureLength)
 	    || pac_validate.ChecksumAndSignature.length < pac_validate.ChecksumLength
 	    || pac_validate.ChecksumAndSignature.length < pac_validate.SignatureLength ) {
-- 
cgit