[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Mar 19 14:32:04 MDT 2012


The branch, master has been updated
       via  0902392 s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
      from  ee0e1ca s4:selftest: add test for "samba-tool group list"

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0902392413dcbd8bedcb7c42d86497d671ba1e0f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Dec 15 10:00:36 2011 +1100

    s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
    
    This ensures that we have some check on the session keys being returned
    as the RC4 cipher is not checksummed.
    
    The check comes from the fact that the credentials chain is tied to
    the session key, and so if the credentials check passes then the
    netlogon session key will be correct, and so the user session key
    will be correctly decrypted.
    
    Andrew Bartlett
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_pam.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b7aec20..6757f36 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1246,7 +1246,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 			domain->can_do_validation6 = false;
 		}
 
-		if (domain->can_do_samlogon_ex) {
+		if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
 			result = rpccli_netlogon_sam_network_logon_ex(
 					netlogon_pipe,
 					mem_ctx,
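Review bot: The new guard `if (domain->can_do_samlogon_ex && domain->can_do_validation6)` carries no comment explaining why SamLogonEx now depends on validation level 6, and the reason is not obvious from the code alone. The rationale in the commit message (RC4 is not checksummed, so the session key is only verified when the credentials chain is checked) belongs in a short comment directly above this condition. The context line just above sets `domain->can_do_validation6 = false`, so for such a domain this branch is now skipped for good. The fallback branch is not visible in this hunk, so it would help to say in that comment which call handles the logon in that case.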
@@ -1256,7 +1256,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 					domainname,	/* target domain */
 					workstation,	/* workstation */
 					chal,
-					domain->can_do_validation6 ? 6 : 3,
+					6,
 					lm_response,
 					nt_response,
 					info3);
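Review bot: The bare literal `6` passed as the validation level is only safe because of the `can_do_validation6` check added to the guard in the previous hunk, and nothing at the call site says so. The neighbouring arguments carry comments (`/* target domain */`, `/* workstation */`), so a matching comment here, or a named constant instead of the magic number, would keep the two changes tied together. Without it, a later relaxation of the guard would silently send level 6 to a server for which `can_do_validation6` has been cleared.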


-- 
Samba Shared Repository

