[SCM] Samba Shared Repository - branch v3-6-test updated
Stefan Metzmacher
metze at samba.org
Thu Dec 23 02:05:12 MST 2010
The branch, v3-6-test has been updated
via 3356192 s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
from 32057f3 s3: "make etags" should not grow TAGS infinitely... (cherry picked from commit fd49ed238c5e82c8444eec35a09c32c191b76074)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 3356192af5d36fbe986c4728162d10fe883ba2fd
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Dec 23 08:17:48 2010 +0100
s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
This fixes SMB session setups with kerberos against some closed
source SMB servers.
The new behavior matches heimdal and mit.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
(cherry picked from commit e9dddc55e324c62973e6a561477b532cf9ed79af)
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/clikrb5.c | 30 ++++++++++--------------------
1 files changed, 10 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 5d51a5b..b4962a0 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -704,26 +704,16 @@ static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
memset(gss_cksum, '\0', base_cksum_size + orig_length);
SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
- /* Precalculated MD5sum of NULL channel bindings (20 bytes) */
- /* Channel bindings are: (all ints encoded as little endian)
-
- [4 bytes] initiator_addrtype (255 for null bindings)
- [4 bytes] initiator_address length
- [n bytes] .. initiator_address data - not present
- in null bindings.
- [4 bytes] acceptor_addrtype (255 for null bindings)
- [4 bytes] acceptor_address length
- [n bytes] .. acceptor_address data - not present
- in null bindings.
- [4 bytes] application_data length
- [n bytes] .. application_ data - not present
- in null bindings.
- MD5 of this is ""\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18"
- */
-
- memcpy(&gss_cksum[4],
- "\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18",
- GSSAPI_BNDLENGTH);
+ /*
+ * GSS_C_NO_CHANNEL_BINDINGS means 16 zero bytes.
+ * This matches the behavior of heimdal and mit.
+ *
+ * And it is needed to work against some closed source
+ * SMB servers.
+ *
+ * See bug #7883
+ */
+ memset(&gss_cksum[4], 0x00, GSSAPI_BNDLENGTH);
SIVAL(gss_cksum, 20, gss_flags);
--
Samba Shared Repository
More information about the samba-cvs
mailing list