This torture test and skipping of the server-side check was bogus.

The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
author: Andrew Bartlett <abartlet@samba.org> 2008-09-22 14:23:22 -0700
committer: Andrew Bartlett <abartlet@samba.org> 2008-09-22 14:23:22 -0700
commit: cebd9a9013a76073c3035b74175d228116fc7e48 (patch)
tree: 242265c7e48a3401be2d065aee453de2771d8e9e /source4/kdc
parent: 1d92b2211cc507dd62526f564ec7f75a07110e00 (diff)
download: samba-cebd9a9013a76073c3035b74175d228116fc7e48.tar.gz
samba-cebd9a9013a76073c3035b74175d228116fc7e48.tar.xz
samba-cebd9a9013a76073c3035b74175d228116fc7e48.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 307c39a43c..030eb23c10 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -584,13 +584,11 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
-#if 0
-	/* Windows does not check this */
 	if (pac_validate.MessageType != 3) {
 		/* We don't implement any other message types - such as certificate validation - yet */
 		return NT_STATUS_INVALID_PARAMETER;
 	}
-#endif	
+
 	if (pac_validate.ChecksumAndSignature.length != (pac_validate.ChecksumLength + pac_validate.SignatureLength)
 	    || pac_validate.ChecksumAndSignature.length < pac_validate.ChecksumLength
 	    || pac_validate.ChecksumAndSignature.length < pac_validate.SignatureLength ) {
author	Andrew Bartlett <abartlet@samba.org>	2008-09-22 14:23:22 -0700
committer	Andrew Bartlett <abartlet@samba.org>	2008-09-22 14:23:22 -0700
commit	cebd9a9013a76073c3035b74175d228116fc7e48 (patch)
tree	242265c7e48a3401be2d065aee453de2771d8e9e /source4/kdc
parent	1d92b2211cc507dd62526f564ec7f75a07110e00 (diff)
download	samba-cebd9a9013a76073c3035b74175d228116fc7e48.tar.gz samba-cebd9a9013a76073c3035b74175d228116fc7e48.tar.xz samba-cebd9a9013a76073c3035b74175d228116fc7e48.zip