Attachment 8797 Details for Bug 9817 – master patch

[patch] master patch

0001-BUG-9817-Fix-map-untrusted-to-domain-with-NTLMv2.patch (text/plain), 1.26 KB, created by Andreas Schneider on 2013-04-20 10:05:00 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Schneider

Created: 2013-04-20 10:05:00 UTC

Size: 1.26 KB

patch

obsolete

>From b7ed3e9d924dc74de6b289caadfd570e7811ed4a Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@cryptomilk.org>
>Date: Fri, 19 Apr 2013 11:29:53 +0200
>Subject: [PATCH] BUG 9817: Fix 'map untrusted to domain' with NTLMv2.
>
>Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>---
> source3/auth/auth_winbind.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
>diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
>index d4ace2c..2b5c84d 100644
>--- a/source3/auth/auth_winbind.c
>+++ b/source3/auth/auth_winbind.c
>@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
> 	}
> 
> 	/* Send off request */
>-
> 	params.account_name	= user_info->client.account_name;
>-	params.domain_name	= user_info->mapped.domain_name;
>+	/*
>+	 * We need to send the domain name from the client to the DC. With
>+	 * NTLMv2 the domain name is part of the hashed second challenge,
>+	 * if we change the domain name, the DC will fail to verify the
>+	 * challenge cause we changed the domain name, this is like a
>+	 * man in the middle attack.
>+	 */
>+	params.domain_name	= user_info->client.domain_name;
> 	params.workstation_name	= user_info->workstation_name;
> 
> 	params.flags		= 0;
>-- 
>1.8.2.1
>

Actions: View

Attachments on bug 9817: 8797 | 8813 | 8814