[cifs-protocol] encryption key for NetrLogonSamLogonEx

Matthieu Patou mat at samba.org
Sat Feb 18 23:25:16 MST 2012


On 02/17/2012 10:57 PM, Andrew Bartlett wrote:
> On Sat, 2012-02-11 at 15:40 -0800, Matthieu Patou wrote:
>> Hello Dochelp,
>>
>> A bug report concerning user's session key was reported in samba when
>> using level 3 validation for NetrLogonSamLogonEx.
>>
>> I did a bit of investigation and witnessed the corruption if we use
>> level 3 validation for NetrLogonSamLogonEx and if samba opens more than
>> 1 schannel connection with one DC and is not using the session key of
>> the latest connection for decrypting the user's session key (and other
>> encrypted fields) in the Validation 3 response.
>>
>> I checked that samba is using the same key for encrypting and decrypting
>> schannel and sensitive fields in the validation 3 response of the
>> NetrLogonSamLogonEx call.
>>
>> MS-NRPC seems to indicate that the session key should be the same and I
>> didn't find a trace in the documentation saying that only the latest
>> session key exchanged during a NetrAuthenticateX and what seems even
>> more puzzling is that using the "old" session key for schannel
>> encryption and decryption works.
>>
>> Can you explain the problem to us?
> Matthieu,
>
> The issue is in part that RC4 encryption is not checksummed, and so the
> stream cipher has no way to tell if the encryption was in fact valid.
> Therefore, you can decrypt a returned session key with the wrong key and
> have no errors.
Right.

> The reason for my original patch in
> https://bugzilla.samba.org/show_bug.cgi?id=8599 is that only by
> validating the netlogon authentication chain can we have any confidence
> that we share the same session key as the remote server at this exact
> moment.
In theory if we are able to decrypt a schannel encrypted RPC we should 
also be able to decrypt RC4 encrypted secrets in NetLogon RPC; it seems 
not to be the case, hence my question to Microsoft to get some clarification.

After this explanation, it might be useful to use your patch and step 
away from the LogonEx call if we don't have a schannel connection to a DC.
>
> Of course, when we can choose a level without netlogon authentication
> and without an encrypted session key, this is even better.
>

Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org
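The point Andrew makes above (an RC4-wrapped secret decrypted with the wrong schannel key yields garbage with no error) is easy to see in code. The following is an added illustration written for this archive page, not Samba's or Microsoft's code: a textbook RC4 over a constructed 16-byte "user session key", unwrapped once with the matching schannel key and once with a stale one, plus a hypothetical HMAC tag that the real NetrLogonSamLogonEx validation 3 wrapping does not carry, to show what an integrity check would have caught. All key values are constructed.

```python
"""Why a wrong-key RC4 unwrap of a session key is silent, and what a
tag would detect. Added example; not part of the mailing-list thread."""
import hashlib
import hmac


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). One call both encrypts and decrypts,
    because it is a plain XOR with the keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation, XORed over the data
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# Constructed sample keys (not real Samba or protocol values).
OLD_SCHANNEL_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # stale connection
NEW_SCHANNEL_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # latest NetrAuthenticate
USER_SESSION_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")  # secret the DC returns


def unwrap_unauthenticated(schannel_key: bytes, wrapped: bytes) -> bytes:
    """Models the validation 3 field: RC4 only. Any key 'succeeds';
    a mismatched key just produces a different 16-byte value."""
    return rc4(schannel_key, wrapped)


def wrap_authenticated(schannel_key: bytes, secret: bytes) -> bytes:
    """Hypothetical encrypt-then-MAC wrapping (not in MS-NRPC): RC4 ciphertext
    followed by an HMAC-SHA256 tag keyed with the same schannel key."""
    ct = rc4(schannel_key, secret)
    return ct + hmac.new(schannel_key, ct, hashlib.sha256).digest()


def unwrap_authenticated(schannel_key: bytes, blob: bytes) -> bytes:
    """Counterpart of wrap_authenticated: refuses to return a value when the
    tag does not verify, which is exactly the signal RC4 alone cannot give."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(schannel_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("schannel session key mismatch: tag does not verify")
    return rc4(schannel_key, ct)


def demo() -> dict:
    """Run both unwrappings against a blob produced under NEW_SCHANNEL_KEY."""
    wrapped = rc4(NEW_SCHANNEL_KEY, USER_SESSION_KEY)
    right = unwrap_unauthenticated(NEW_SCHANNEL_KEY, wrapped)
    wrong = unwrap_unauthenticated(OLD_SCHANNEL_KEY, wrapped)  # no exception

    tagged = wrap_authenticated(NEW_SCHANNEL_KEY, USER_SESSION_KEY)
    try:
        unwrap_authenticated(OLD_SCHANNEL_KEY, tagged)
        detected = False
    except ValueError:
        detected = True

    return {
        "right_key_matches": right == USER_SESSION_KEY,
        "wrong_key_raised": False,          # RC4 alone never raises
        "wrong_key_matches": wrong == USER_SESSION_KEY,
        "tag_detected_mismatch": detected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unauthenticated path returns a plausible-looking 16-byte key under the stale schannel key, which is why a client that picked the wrong connection's key could go on to use a corrupt user session key without any error at this step; only a check that proves both sides share the same key at that moment (the netlogon authentication chain, or a tag as in the hypothetical wrapper) turns the mismatch into a detectable failure.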
