The Samba-Bugzilla – Attachment 8814 Details for Bug 9817: 'map untrusted to domain' does not work with NTLMv2
[patch] v3-6-test patch
0001-BUG-9817-Fix-map-untrusted-to-domain-with-NTLMv2.patch (text/plain), 1.52 KB, created by Andreas Schneider on 2013-04-24 15:59:15 UTC
>From cf2cd4220c7c0700cff4dcd7e060c8f740193d49 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 24 Apr 2013 15:27:21 +0200 >Subject: [PATCH] BUG 9817: Fix 'map untrusted to domain' with NTLMv2. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Günther Deschner <gd@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Wed Apr 24 17:14:48 CEST 2013 on sn-devel-104 >--- > source3/auth/auth_winbind.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > >diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c >index 2143353..57a8866 100644 >--- a/source3/auth/auth_winbind.c >+++ b/source3/auth/auth_winbind.c >@@ -62,9 +62,15 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, > } > > /* Send off request */ >- > params.account_name = user_info->client.account_name; >- params.domain_name = user_info->mapped.domain_name; >+ /* >+ * We need to send the domain name from the client to the DC. With >+ * NTLMv2 the domain name is part of the hashed second challenge, >+ * if we change the domain name, the DC will fail to verify the >+ * challenge cause we changed the domain name, this is like a >+ * man in the middle attack. >+ */ >+ params.domain_name = user_info->client.domain_name; > params.workstation_name = user_info->workstation_name; > > params.flags = 0; >-- >1.8.2.1 >
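Review bot: The new assignment params.domain_name = user_info->client.domain_name in check_winbind_security() is unconditional, so the mapped domain name is no longer sent in this request for any logon, not only NTLMv2 ones. The comment should say whether that is intended for logon types where the response does not depend on the domain, or the switch should be limited to the NTLMv2 case. The comment would also read better as two sentences without the repeated "cause we changed the domain name", and it could state more precisely that the client-supplied domain name is an input to the NTLMv2 response computation, which is why the DC has to receive it unmodified. Separately, the hunk drops the blank line after "/* Send off request */"; keeping it avoids an unrelated whitespace change.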
Flags: gd: review+