The branch, master has been updated
via 0902392 s3-winbindd Only use SamLogonEx when we can get unencrypted
session keys
from ee0e1ca s4:selftest: add test for "samba-tool group list"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0902392413dcbd8bedcb7c42d86497d671ba1e0f
Author: Andrew Bartlett <[email protected]>
Date: Thu Dec 15 10:00:36 2011 +1100
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Jeremy Allison <[email protected]>
Autobuild-User: Jeremy Allison <[email protected]>
Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b7aec20..6757f36 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1246,7 +1246,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
domain->can_do_validation6 = false;
}
- if (domain->can_do_samlogon_ex) {
+ if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
result = rpccli_netlogon_sam_network_logon_ex(
netlogon_pipe,
mem_ctx,
@@ -1256,7 +1256,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
domainname, /* target domain */
workstation, /* workstation */
chal,
- domain->can_do_validation6 ? 6 : 3,
+ 6,
lm_response,
nt_response,
info3);
--
Samba Shared Repository
