CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
authorStefan Metzmacher <metze@samba.org>
Tue, 17 Dec 2013 10:49:31 +0000 (11:49 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:23 +0000 (19:25 +0200)
commit1e3bd3e6ac9d5bc97d6361d89abd7990bcaf91b8
tree758d81e4dfe730dbd254c93175edbebe22398535
parenta4dd51294603e3ad92d204ca3d8436de29c926e6
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure

[MS-SPNG] requires the NTLMSSP RC4 states to be reset after
the SPNEGO exchange with mechListMic verification (new_spnego).

This provides the infrastructure for this feature.

The 'reset_full' parameter is needed to support the broken
behavior that windows only resets the RC4 states but not the
sequence numbers. Which means this functionality is completely
useless... But we want to work against all windows versions...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: G√ľnther Deschner <gd@samba.org>
auth/gensec/gensec.c
auth/gensec/gensec_internal.h
auth/gensec/spnego.c