[cifs-protocol] encryption key for NetrLogonSamLogonEx
Andrew Bartlett
abartlet at samba.org
Fri Feb 17 23:57:40 MST 2012
On Sat, 2012-02-11 at 15:40 -0800, Matthieu Patou wrote:
> Hello Dochelp,
>
> A bug report concerning user's session key was reported in samba when
> using level 3 validation for NetrLogonSamLogonEx.
>
> I did a bit of investigation and witnessed the corruption if we use
> level 3 validation for NetrLogonSamLogonEx and if samba opens more than
> 1 schannel connection with one DC and is not using the session key of
> the latest connection for decrypting the user's session key (and other
> encrypted fields) in the Validation 3 response.
>
> I checked that samba is using the same key for encrypting and decrypting
> schannel and sensitive fields in the validation 3 response of the
> NetrLogonSamLogonEx call.
>
> MS-NRPC seems to indicate that the session key should be the same and I
> didn't find a trace in the documentation saying that only the latest
> session key exchanged during a NetrAuthenticateX and what seems even
> more puzzeling is that using the "old" session key for schannel
> encryption and decryption works.
>
> Can you explain us the problem ?
Matthieu,
The issue is in part that RC4 encryption is not checksumed, and so the
stream cipher has no way to tell if the encryption was in fact valid.
Therefore, you can decrypt a returned session key with the wrong key and
have no errors.
The reason for my original patch in
https://bugzilla.samba.org/show_bug.cgi?id=8599 is that only by
validating the netlogon authentication chain can we have any confidence
that we share the same session key as the remote server at this exact
moment.
Of course, when we can choose a level without netlogon authentication
and without an encrypted session key, this is even better.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the cifs-protocol
mailing list