mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi checksum (bug #7883)
This fixes SMB session setups with kerberos against some closed source SMB servers. The new behavior matches heimdal and mit. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
This commit is contained in:
parent
30d29e64cb
commit
e9dddc55e3
@ -704,26 +704,16 @@ static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
|
||||
memset(gss_cksum, '\0', base_cksum_size + orig_length);
|
||||
SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
|
||||
|
||||
/* Precalculated MD5sum of NULL channel bindings (20 bytes) */
|
||||
/* Channel bindings are: (all ints encoded as little endian)
|
||||
|
||||
[4 bytes] initiator_addrtype (255 for null bindings)
|
||||
[4 bytes] initiator_address length
|
||||
[n bytes] .. initiator_address data - not present
|
||||
in null bindings.
|
||||
[4 bytes] acceptor_addrtype (255 for null bindings)
|
||||
[4 bytes] acceptor_address length
|
||||
[n bytes] .. acceptor_address data - not present
|
||||
in null bindings.
|
||||
[4 bytes] application_data length
|
||||
[n bytes] .. application_ data - not present
|
||||
in null bindings.
|
||||
MD5 of this is ""\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18"
|
||||
/*
|
||||
* GSS_C_NO_CHANNEL_BINDINGS means 16 zero bytes.
|
||||
* This matches the behavior of heimdal and mit.
|
||||
*
|
||||
* And it is needed to work against some closed source
|
||||
* SMB servers.
|
||||
*
|
||||
* See bug #7883
|
||||
*/
|
||||
|
||||
memcpy(&gss_cksum[4],
|
||||
"\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18",
|
||||
GSSAPI_BNDLENGTH);
|
||||
memset(&gss_cksum[4], 0x00, GSSAPI_BNDLENGTH);
|
||||
|
||||
SIVAL(gss_cksum, 20, gss_flags);
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user