[cifs-protocol] encryption key for NetrLogonSamLogonEx
edgaro at microsoft.com
Mon Feb 13 11:29:27 MST 2012
[Dochelp to bcc]
This issue is being tracked as case 112021212002899. An acknowledgement has been sent as well.
One of our teammates will follow-up with you soon.
From: Darryl Welch
Sent: Monday, February 13, 2012 12:17 PM
To: Interoperability Documentation Help
Cc: mat at samba.org
Subject: FW: encryption key for NetrLogonSamLogonEx
It looks like Matt received an NDR when attempting to send this request to Dochelp.
From: Matthieu Patou [mailto:mat at samba.org]
Sent: Saturday, February 11, 2012 3:41 PM
To: Interoperability Documentation Help; pfif at tridgell.net; cifs-protocol at samba.org
Subject: encryption key for NetrLogonSamLogonEx
A bug report concerning user's session key was reported in samba when using level 3 validation for NetrLogonSamLogonEx.
I did a bit of investigation and witnessed the corruption if we use level 3 validation for NetrLogonSamLogonEx and if samba opens more than
1 schannel connection with one DC and is not using the session key of the latest connection for decrypting the user's session key (and other encrypted fields) in the Validation 3 response.
I checked that samba is using the same key for encrypting and decrypting schannel and sensitive fields in the validation 3 response of the NetrLogonSamLogonEx call.
MS-NRPC seems to indicate that the session key should be the same and I didn't find a trace in the documentation saying that only the latest session key exchanged during a NetrAuthenticateX and what seems even more puzzeling is that using the "old" session key for schannel encryption and decryption works.
Can you explain us the problem ?
I can do TTTrace as the problem is highly reproducible.
More information about the cifs-protocol