libcli/auth: remove bogus comment regarding replay attacks
author Stefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 18:40:15 +0000 (19:40 +0100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 24 Dec 2013 08:10:06 +0000 (09:10 +0100)
creds->sequence (timestamp) is the value that is used to increment the internal
state; it's not a real sequence number. The sequence comes
from adding all timestamps of the whole session.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth/credentials.c

index 197db86818c471a41256cfac4b9843b894fb0e20..afb4a04b55cba668a8d627093b8f3a86fb40a722 100644
@@ -473,8 +473,6 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       /* TODO: this may allow the a replay attack on a non-signed
-          connection. Should we check that this is increasing? */
        creds->sequence = received_authenticator->timestamp;
        netlogon_creds_step(creds);
        if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) {
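Review bot: the TODO is deleted without leaving the rationale in its place, so the assignment `creds->sequence = received_authenticator->timestamp;` still reads as an unchecked copy of a peer-supplied value and the next reader is likely to re-add the same question. The commit message already states the reasoning (the timestamp is only the per-step increment, and the chained state is built from all timestamps of the session, which is what makes a replayed authenticator fail the `netlogon_creds_server_check_internal()` check against the advanced state); please put that one sentence in a comment at the assignment instead of removing the comment outright, e.g. `/* timestamp is the per-step increment; the chained creds state covers the whole session, so no monotonicity check is needed here */`.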