[SCM] Samba Shared Repository - branch v3-6-test updated

Stefan Metzmacher metze at samba.org
Thu Dec 23 02:05:12 MST 2010 

The branch, v3-6-test has been updated
       via  3356192 s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
      from  32057f3 s3: "make etags" should not grow TAGS infinitely... (cherry picked from commit fd49ed238c5e82c8444eec35a09c32c191b76074)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 3356192af5d36fbe986c4728162d10fe883ba2fd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Dec 23 08:17:48 2010 +0100

    s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
    
    This fixes SMB session setups with kerberos against some closed
    source SMB servers.
    
    The new behavior matches heimdal and mit.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
    (cherry picked from commit e9dddc55e324c62973e6a561477b532cf9ed79af)

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/clikrb5.c |   30 ++++++++++--------------------
 1 files changed, 10 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 5d51a5b..b4962a0 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -704,26 +704,16 @@ static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
 	memset(gss_cksum, '\0', base_cksum_size + orig_length);
 	SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
 
-	/* Precalculated MD5sum of NULL channel bindings (20 bytes) */
-	/* Channel bindings are: (all ints encoded as little endian)
-
-		[4 bytes] initiator_addrtype (255 for null bindings)
-		[4 bytes] initiator_address length
-			[n bytes] .. initiator_address data - not present
-				     in null bindings.
-		[4 bytes] acceptor_addrtype (255 for null bindings)
-		[4 bytes] acceptor_address length
-			[n bytes] .. acceptor_address data - not present
-				     in null bindings.
-		[4 bytes] application_data length
-			[n bytes] .. application_ data - not present
-				     in null bindings.
-		MD5 of this is ""\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18"
-	*/
-
-	memcpy(&gss_cksum[4],
-		"\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18",
-		GSSAPI_BNDLENGTH);
+	/*
+	 * GSS_C_NO_CHANNEL_BINDINGS means 16 zero bytes.
+	 * This matches the behavior of heimdal and mit.
+	 *
+	 * And it is needed to work against some closed source
+	 * SMB servers.
+	 *
+	 * See bug #7883
+	 */
+	memset(&gss_cksum[4], 0x00, GSSAPI_BNDLENGTH);
 
 	SIVAL(gss_cksum, 20, gss_flags);
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list