r5940: fix schannel against w2k, it skips the confounder in the signature (24 bytes...

author Stefan Metzmacher <metze@samba.org>

Tue, 22 Mar 2005 06:58:27 +0000 (06:58 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:11:10 +0000 (13:11 -0500)
author Stefan Metzmacher <metze@samba.org>
Tue, 22 Mar 2005 06:58:27 +0000 (06:58 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:11:10 +0000 (13:11 -0500)
diff --git a/source4/libcli/auth/schannel.c b/source4/libcli/auth/schannel.c

index a5521d46263cbe2dde69365b532c4f87f2b8d865..d582ff2dd0ee0b4c8053caa6224af7ce9bfaf33e 100644 (file)
--- a/source4/libcli/auth/schannel.c
+++ b/source4/libcli/auth/schannel.c
@@ -158,7 +158,8 @@ NTSTATUS schannel_check_packet(struct schannel_state *state,
         uint8_t seq_num[8];
         static const uint8_t netsec_sig[8] = NETSEC_SIGN_SIGNATURE;
  
-       if (sig->length != 32) {
+       /* w2k sends just 24 bytes and skip the confounder */
+       if (sig->length != 32 && sig->length != 24) {
                 return NT_STATUS_ACCESS_DENIED;
         }
author	Stefan Metzmacher <metze@samba.org>
	Tue, 22 Mar 2005 06:58:27 +0000 (06:58 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:11:10 +0000 (13:11 -0500)