CVS update: samba/source/rpc_server
Luke Leighton
lkcl at samba.anu.edu.au
Wed Jan 5 22:28:20 EST 2000
Date: Wednesday January 5, 2000 @ 22:28
Author: lkcl
Update of /data/cvs/samba/source/rpc_server
In directory samba:/tmp/cvs-serv24685/rpc_server
Modified Files:
Tag: SAMBA_TNG
srv_netlog.c srv_pipe_srv.c
Log Message:
finally got somewhere with encrypted msrpc. i had to do some hacking about
of the network logon NetrSamLogon, would you believe it! i finally
understand why microsoft return 8 bytes of the user's password in
NetrSamLogon (network logon), it's so that you can generate NTLMSSP
state.

NT4sp2 and below used to send 8 bytes of LM# in-the-clear, which was SO
stupid that paul ashton and i had to tell them about it, and they now
use some obfuscation based on the negotiated-NETLOGON-session-key.

i can't remember exactly what this obfuscation was, so i just guessed,
for now, and i'll test against an NT PDC, later, when i have one.

security-implications are that if you know a workstation's trust account
password (default to lower-case), you can watch network traffic and _still_
obtain first 8 bytes of user's LM# (generated from 1st 7 bytes uppercase
of user's cleartext password) from *network* NetrSamLogons.

no wonder microsoft want to replace this stuff with Kerberos 5.
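
Added example, not part of the commit or of Samba's code: the standard LM hash construction, showing that the first 8 bytes of the LM# are determined only by the first 7 characters of the password, upper-cased. It does not model the NETLOGON session-key obfuscation; the function names and sample passwords are constructed, and ASCII passwords are assumed.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// expandKey spreads 7 bytes (56 bits) over 8 bytes, 7 bits per byte, leaving
// the low (parity) bit of each byte clear; DES ignores that bit.
func expandKey(k7 []byte) []byte {
	var v uint64
	for _, b := range k7 {
		v = v<<8 | uint64(b)
	}
	out := make([]byte, 8)
	for i := 0; i < 8; i++ {
		out[i] = byte(v>>(49-7*uint(i))&0x7f) << 1
	}
	return out
}

// lmHalf DES-encrypts the fixed LM constant under a key built from 7 password bytes.
func lmHalf(k7 []byte) []byte {
	c, err := des.NewCipher(expandKey(k7))
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	c.Encrypt(out, []byte("KGS!@#$%"))
	return out
}

// LMHash returns the 16-byte LM# as hex: upper-case, pad or truncate to 14
// bytes, then hash each 7-byte half independently. ASCII only (assumption).
func LMHash(password string) string {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password))
	return hex.EncodeToString(append(lmHalf(buf[:7]), lmHalf(buf[7:])...))
}

func main() {
	// Constructed sample passwords sharing the same first 7 characters.
	for _, pw := range []string{"Winter2000", "winter2-DIFFERENT", "WINTER2"} {
		h := LMHash(pw)
		fmt.Printf("%-18s first8=%s rest=%s\n", pw, h[:16], h[16:])
	}
}
```

All three sample passwords print the same `first8` value, which is why any exposure of those 8 bytes on the wire reveals a quantity that covers only a 7-character, case-insensitive prefix of the password.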