git.samba.org - samba.git/commit

author	Stefan Metzmacher <metze@samba.org>
	Wed, 19 Sep 2007 14:33:32 +0000 (14:33 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 17:30:52 +0000 (12:30 -0500)
commit	42349190b7c9b69009549770fe6ec7cd2df5d8ee
tree	4c2c02f026d0b84a1d5ed9ddfddae36b2261a8f9	tree
parent	0d1e7e97d3b40773e60df916cf2b43768eb5bca1	commit \| diff

r25227: Patch from "Steven Danneman" <steven.danneman@isilon.com>:

-
We ran across a bug joining our Samba server to a Win2K domain with LDAP
signing turned on.  Upon investigation I discovered that there is a bug
in Win2K server which returns a duplicated responseToken in the LDAP
bindResponse packet.  This blob is placed in the optional mechListMIC
field which is unsupported in both Win2K and Win2K3.  You can see RFC
2478 for the proper packet construction.  I've worked with metze on this
to confirm all these finding.

This patch properly parses then discards the mechListMIC field if it
exists in the packet, so we don't produce a malformed packet error,
causing LDAP signed joins to fail.  Also attached is a sniff of the
domain join, exposing Win2Ks bad behavior (packet 21).
-

(I've just changed the scope of the DATA_BLOB mechList)

metze
(This used to be commit 200b5bfb8180af09446762e915eac63d14c6c7b0)