The Samba-Bugzilla – Attachment 7285 Details for
Bug 8599
WINBINDD_PAM_AUTH_CRAP returns invalid user session key
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to add some debug and trigger a level 3 response on SamLogonEx
debug.patch (text/plain), 2.29 KB, created by
Matthieu Patou
on 2012-02-02 08:03:17 UTC
(
hide
)
Description:
patch to add some debug and trigger a level 3 response on SamLogonEx
Filename:
MIME Type:
Creator:
Matthieu Patou
Created:
2012-02-02 08:03:17 UTC
Size:
2.29 KB
patch
obsolete
>diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c >index 504f594..6b24a19 100644 >--- a/libcli/auth/credentials.c >+++ b/libcli/auth/credentials.c >@@ -434,6 +434,7 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred > } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { > if (memcmp(base->key.key, zeros, > sizeof(base->key.key)) != 0) { >+ DEBUG(0, ("Key for user session key decryption: %x %x %x\n", creds->session_key[0], creds->session_key[1], creds->session_key[2])); > netlogon_creds_arcfour_crypt(creds, > base->key.key, > sizeof(base->key.key)); >diff --git a/libcli/auth/schannel_sign.c b/libcli/auth/schannel_sign.c >index 0672f67..6c0e682 100644 >--- a/libcli/auth/schannel_sign.c >+++ b/libcli/auth/schannel_sign.c >@@ -176,6 +176,7 @@ NTSTATUS netsec_incoming_packet(struct schannel_state *state, > SIVAL(seq_num, 4, state->initiator?0:0x80); > > if (do_unseal) { >+ DEBUG(0, ("SCHANEL KEY=%x %x %x\n",state->creds->session_key[0],state->creds->session_key[1],state->creds->session_key[2])); > netsec_do_seal(state, seq_num, > confounder, > data, length); >diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c >index df83dc6..6454910 100644 >--- a/source3/winbindd/winbindd_pam.c >+++ b/source3/winbindd/winbindd_pam.c >@@ -1224,6 +1224,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, > > generate_random_buffer(chal, 8); > if (lp_client_ntlmv2_auth()) { >+ DEBUG(10, ("We have lp_client_ntlmv2_auth %s %s\n",name_user, name_domain)); > DATA_BLOB server_chal; > DATA_BLOB names_blob; > DATA_BLOB nt_response; >@@ -1314,6 +1315,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, > } > auth = netlogon_pipe->auth; > if (netlogon_pipe->dc) { >+ DEBUG(1, ("This is netlogon_pipe->dc\n")); > neg_flags = netlogon_pipe->dc->negotiate_flags; > } > >@@ -1965,7 +1967,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, > if (netlogon_pipe->dc) { > neg_flags = netlogon_pipe->dc->negotiate_flags; > } >- >+ DEBUG(0, ("Forcing validation to 3\n")); >+ domain->can_do_validation6 = false; > if (auth == NULL) { > domain->can_do_validation6 = false; > } else if (auth->auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7285">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 8599
:
7081
|
7082
|
7083
|
7183
|
7184
|
7280
|
7281
|
7282
|
7283
|
7284
| 7285 |
7325
|
7367
|
7377