From 376b03ebd895b221b70058ee18bea50587388182 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 22 Mar 2005 06:58:27 +0000
Subject: r5940: fix schannel against w2k, it skips the confounder in the
 signature (24 bytes) for singed packets but it accepts 32 bytes from the
 client.

(w2k3 accept it the otherway arround too)

metze
(This used to be commit 08d4c3b9f8558ee40c73a22b3ec110b052f28110)
---
 source4/libcli/auth/schannel.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'source4/libcli/auth')

diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c
index a5521d4626..d582ff2dd0 100644
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -158,7 +158,8 @@ NTSTATUS schannel_check_packet(struct schannel_state *state,
 	uint8_t seq_num[8];
 	static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
 
-	if (sig->length != 32) {
+	/* w2k sends just 24 bytes and skip the confounder */
+	if (sig->length != 32 && sig->length != 24) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-- 
cgit