[cifs-protocol] encryption key for NetrLogonSamLogonEx
Sebastian Canevari
Sebastian.Canevari at microsoft.com
Sat Feb 11 18:39:01 MST 2012
I can take this
Sent from my Windows Phone
________________________________
From: Matthieu Patou
Sent: 2/11/2012 5:40 PM
To: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: [cifs-protocol] encryption key for NetrLogonSamLogonEx
Hello Dochelp,
A bug report concerning user's session key was reported in samba when
using level 3 validation for NetrLogonSamLogonEx.
I did a bit of investigation and witnessed the corruption if we use
level 3 validation for NetrLogonSamLogonEx and if samba opens more than
1 schannel connection with one DC and is not using the session key of
the latest connection for decrypting the user's session key (and other
encrypted fields) in the Validation 3 response.
I checked that samba is using the same key for encrypting and decrypting
schannel and sensitive fields in the validation 3 response of the
NetrLogonSamLogonEx call.
MS-NRPC seems to indicate that the session key should be the same and I
didn't find a trace in the documentation saying that only the latest
session key exchanged during a NetrAuthenticateX and what seems even
more puzzeling is that using the "old" session key for schannel
encryption and decryption works.
Can you explain us the problem ?
I can do TTTrace as the problem is highly reproducible.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
_______________________________________________
cifs-protocol mailing list
cifs-protocol at cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20120212/c2681be6/attachment.html>
More information about the cifs-protocol
mailing list