From e7e1e1887e79e4dcbd8836b775e387751c44f318 Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Deschner?= Date: Tue, 8 Sep 2009 11:57:52 +0200 Subject: [PATCH] s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs. The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56 byte). We should just ignore the remaining 12 zeroed bytes and proceed. Guenther --- source/include/rpc_dce.h | 2 +- source/rpc_client/cli_pipe.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h index b63f0eac5e3..2129c6db413 100644 --- a/source/include/rpc_dce.h +++ b/source/include/rpc_dce.h @@ -150,7 +150,7 @@ enum schannel_direction { }; /* Maximum size of the signing data in a fragment. */ -#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */ +#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */ /* Maximum PDU fragment size. */ /* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */ diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index 1442a3c1b8c..2e2767b4707 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -490,7 +490,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p return NT_STATUS_OK; } - if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { + if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) { DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len )); return NT_STATUS_INVALID_PARAMETER; } -- 2.47.2