[SCM] Samba Shared Repository - branch v3-4-test updated - release-4-0-0alpha7-1244-gebd5019

Karolin Seeger kseeger at samba.org
Tue Sep 8 04:40:28 MDT 2009


The branch, v3-4-test has been updated
       via  ebd5019ef422a85119a7ea25025ff22d5a3bd757 (commit)
      from  ada543569f498ef526ea9602eb19850e37f62fe2 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -----------------------------------------------------------------
commit ebd5019ef422a85119a7ea25025ff22d5a3bd757
Author: Günther Deschner <gd at samba.org>
Date:   Tue Sep 8 11:57:52 2009 +0200

    s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
    
    The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
    W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
    byte). We should just ignore the remaining 12 zeroed bytes and proceed.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/include/rpc_dce.h     |    2 +-
 source3/rpc_client/cli_pipe.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 580b14f..d3c5c42 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -150,7 +150,7 @@ enum schannel_direction {
 };
 
 /* Maximum size of the signing data in a fragment. */
-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
 
 /* Maximum PDU fragment size. */
 /* #define MAX_PDU_FRAG_LEN 0x1630		this is what wnt sets */
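Review bot: The comment above the changed `#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */` still reads only "Maximum size of the signing data in a fragment" and does not say where 56 comes from. Per the commit message this is the size of the NL_AUTH_SHA2_SIGNATURE buffer that a W2k8r2 DC sends, so the comment should name that structure to keep the constant from looking arbitrary. The users of this macro are not visible in this hunk. Any code that sizes a buffer from RPC_MAX_SIGN_SIZE, or subtracts it from the fragment length to compute payload room, now reserves 24 more bytes per fragment and should be checked against the new value.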
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 57f49fb..9aba938 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -683,7 +683,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
 		return NT_STATUS_OK;
 	}
 
-	if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+	if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
 		DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
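Review bot: The relaxed test `if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN)` leaves auth_len without an upper bound in the visible lines, so any larger value from the peer now passes this check. Consider also rejecting `auth_len > RPC_MAX_SIGN_SIZE`, which the other hunk sets to the 56-byte buffer size this fix is meant to accept. The commit message says the extra bytes are zeroed and can be ignored, but nothing in this hunk confirms they are zero. If that property is relied on, check it here, or else add a comment stating that the trailing bytes are deliberately not inspected. The DEBUG line could also print the expected minimum next to the received auth_len to make a rejection easier to diagnose.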


-- 
Samba Shared Repository

