[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Thu Dec 23 01:39:01 MST 2010
The branch, master has been updated
via e9dddc5 s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
from 30d29e6 All calls to event_add_to_select_args() call GetTimeOfDay() and pass this in as the &now parameter. Push this call inside of event_add_to_select_args() to the correct point so it doesn't get called unless needed.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e9dddc55e324c62973e6a561477b532cf9ed79af
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Dec 23 08:17:48 2010 +0100
s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
This fixes SMB session setups with kerberos against some closed
source SMB servers.
The new behavior matches heimdal and mit.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/clikrb5.c | 30 ++++++++++--------------------
1 files changed, 10 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 5d51a5b..b4962a0 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -704,26 +704,16 @@ static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
memset(gss_cksum, '\0', base_cksum_size + orig_length);
SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
- /* Precalculated MD5sum of NULL channel bindings (20 bytes) */
- /* Channel bindings are: (all ints encoded as little endian)
-
- [4 bytes] initiator_addrtype (255 for null bindings)
- [4 bytes] initiator_address length
- [n bytes] .. initiator_address data - not present
- in null bindings.
- [4 bytes] acceptor_addrtype (255 for null bindings)
- [4 bytes] acceptor_address length
- [n bytes] .. acceptor_address data - not present
- in null bindings.
- [4 bytes] application_data length
- [n bytes] .. application_ data - not present
- in null bindings.
- MD5 of this is ""\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18"
- */
-
- memcpy(&gss_cksum[4],
- "\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18",
- GSSAPI_BNDLENGTH);
+ /*
+ * GSS_C_NO_CHANNEL_BINDINGS means 16 zero bytes.
+ * This matches the behavior of heimdal and mit.
+ *
+ * And it is needed to work against some closed source
+ * SMB servers.
+ *
+ * See bug #7883
+ */
+ memset(&gss_cksum[4], 0x00, GSSAPI_BNDLENGTH);
SIVAL(gss_cksum, 20, gss_flags);
--
Samba Shared Repository
More information about the samba-cvs
mailing list