[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5349-ge7e1e18
Karolin Seeger
kseeger at samba.org
Tue Sep 8 08:22:44 MDT 2009
The branch, v3-3-test has been updated
via e7e1e1887e79e4dcbd8836b775e387751c44f318 (commit)
from 7fd407fefe92939ecb78400d22aac55590851f70 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit e7e1e1887e79e4dcbd8836b775e387751c44f318
Author: Günther Deschner <gd at samba.org>
Date: Tue Sep 8 11:57:52 2009 +0200
s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/include/rpc_dce.h | 2 +-
source/rpc_client/cli_pipe.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index b63f0ea..2129c6d 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -150,7 +150,7 @@ enum schannel_direction {
};
/* Maximum size of the signing data in a fragment. */
-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
/* Maximum PDU fragment size. */
/* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 1442a3c..2e2767b 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -490,7 +490,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
return NT_STATUS_OK;
}
- if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+ if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
return NT_STATUS_INVALID_PARAMETER;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list