libcli/auth: remove bogus comment regarding replay attacks
authorStefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 18:40:15 +0000 (19:40 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 19:08:29 +0000 (20:08 +0100)
creds->sequence (timestamp) is the value that is used to increment the internal
state, it's not a real sequence number. The sequence comes
from adding all timestamps of the whole session.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
libcli/auth/credentials.c

index 197db86818c471a41256cfac4b9843b894fb0e20..afb4a04b55cba668a8d627093b8f3a86fb40a722 100644 (file)
@@ -473,8 +473,6 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       /* TODO: this may allow the a replay attack on a non-signed
-          connection. Should we check that this is increasing? */
        creds->sequence = received_authenticator->timestamp;
        netlogon_creds_step(creds);
        if (netlogon_creds_server_check_internal(creds, &received_authenticator->cred)) {