Bug 5495 - bad user session key computation when using ntlm-server-1
bad user session key computation when using ntlm-server-1
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: Winbind
unspecified
Other All
: P3 normal
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-28 08:42 UTC by SIMON, Gabor
Modified: 2008-07-30 03:07 UTC (History)
0 users

See Also:


Attachments
unnecessary encoding of user session key removed (1.15 KB, patch)
2008-05-28 08:45 UTC, SIMON, Gabor
no flags Details
decrypting the original session key instead of a local copy (2.39 KB, patch)
2008-05-30 07:32 UTC, SIMON, Gabor
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description SIMON, Gabor 2008-05-28 08:42:51 UTC
When providing a fully specified input to 'ntlm_auth' (Username, NT-Domain,
LANMAN-Challenge, NT-Response, Request-User-Session-Key: yes), the returned
user session key is invalid (should be HMAC_MD5(ResponseKeyNT, NTProofStr) as in
MS-NLMP.pdf 3.3.2.
The returned session key varies at every restart of winbindd even using the same
input, so some shared data of the winbindd-DC session is involved.
Comment 1 SIMON, Gabor 2008-05-28 08:45:26 UTC
Created attachment 3316 [details]
unnecessary encoding of user session key removed

Removal of the unnecessary encoding of ntlm user session key.
Comment 2 SIMON, Gabor 2008-05-30 07:32:58 UTC
Created attachment 3320 [details]
decrypting the original session key instead of a local copy

decrypting the original session key instead of a local copy
Comment 3 Volker Lendecke 2008-07-30 03:07:44 UTC
Ooops, sorry. Had not looked at this one, sorry. This is the same one as bug 5616 which is fixed.

Thanks for the patches, a similar one now went into the tree.

Volker