The Samba-Bugzilla – Attachment 7183 Details for
Bug 8599
WINBINDD_PAM_AUTH_CRAP returns invalid user session key
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed (untested) patch for 3.6 and master
0001-s3-winbindd-Only-use-SamLogonEx-when-we-can-get-unen.patch (text/plain), 1.49 KB, created by
Andrew Bartlett
on 2011-12-14 23:37:44 UTC
(
hide
)
Description:
Proposed (untested) patch for 3.6 and master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2011-12-14 23:37:44 UTC
Size:
1.49 KB
patch
obsolete
>From 261fb36286ae72a778463ca58c9d25445ddef00a Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 15 Dec 2011 10:00:36 +1100 >Subject: [PATCH] s3-winbindd Only use SamLogonEx when we can get unencrypted > session keys > >This ensures that we have some check on the session keys being returned >as the RC4 cipher is not checksumed. > >The check comes from the fact that the credentials chain is tied to >the session key, and so if the credentials check passes then the >netlogon session key will be correct, and so the user session key >will be correctly decrypted. > >Andrew Bartlett >--- > source3/winbindd/winbindd_pam.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index bde16b1..4969a60 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -1220,7 +1220,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, > domain->can_do_validation6 = false; > } > >- if (domain->can_do_samlogon_ex) { >+ if (domain->can_do_samlogon_ex && domain->can_do_validation6) { > result = rpccli_netlogon_sam_network_logon_ex( > netlogon_pipe, > mem_ctx, >@@ -1230,7 +1230,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, > domainname, /* target domain */ > workstation, /* workstation */ > chal, >- domain->can_do_validation6 ? 6 : 3, >+ 6, > lm_response, > nt_response, > info3); >-- >1.7.6.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 8599
:
7081
|
7082
|
7083
| 7183 |
7184
|
7280
|
7281
|
7282
|
7283
|
7284
|
7285
|
7325
|
7367
|
7377