[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Mar 19 14:32:04 MDT 2012
The branch, master has been updated
via 0902392 s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
from ee0e1ca s4:selftest: add test for "samba-tool group list"
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0902392413dcbd8bedcb7c42d86497d671ba1e0f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Dec 15 10:00:36 2011 +1100
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra at samba.org>
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index b7aec20..6757f36 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1246,7 +1246,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
domain->can_do_validation6 = false;
}
- if (domain->can_do_samlogon_ex) {
+ if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
result = rpccli_netlogon_sam_network_logon_ex(
netlogon_pipe,
mem_ctx,
@@ -1256,7 +1256,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
domainname, /* target domain */
workstation, /* workstation */
chal,
- domain->can_do_validation6 ? 6 : 3,
+ 6,
lm_response,
nt_response,
info3);
--
Samba Shared Repository
More information about the samba-cvs
mailing list