Bug 5495 - bad user session key computation when using ntlm-server-1
Summary: bad user session key computation when using ntlm-server-1
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: Other All
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-05-28 08:42 UTC by SIMON, Gabor
Modified: 2008-07-30 03:07 UTC (History)
0 users

See Also:

Attachments
unnecessary encoding of user session key removed (1.15 KB, patch)
2008-05-28 08:45 UTC, SIMON, Gabor 		no flags Details
decrypting the original session key instead of a local copy (2.39 KB, patch)
2008-05-30 07:32 UTC, SIMON, Gabor 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SIMON, Gabor 2008-05-28 08:42:51 UTC 
When providing a fully specified input to 'ntlm_auth' (Username, NT-Domain,
LANMAN-Challenge, NT-Response, Request-User-Session-Key: yes), the returned
user session key is invalid (should be HMAC_MD5(ResponseKeyNT, NTProofStr) as in
MS-NLMP.pdf 3.3.2.
The returned session key varies at every restart of winbindd even using the same
input, so some shared data of the winbindd-DC session is involved.
Comment 1 SIMON, Gabor 2008-05-28 08:45:26 UTC 
Created attachment 3316 [details]
unnecessary encoding of user session key removed

Removal of the unnecessary encoding of ntlm user session key.
Comment 2 SIMON, Gabor 2008-05-30 07:32:58 UTC 
Created attachment 3320 [details]
decrypting the original session key instead of a local copy

decrypting the original session key instead of a local copy
Comment 3 Volker Lendecke 2008-07-30 03:07:44 UTC 
Ooops, sorry. Had not looked at this one, sorry. This is the same one as bug 5616 which is fixed.

Thanks for the patches, a similar one now went into the tree.

Volker