RPC auth

Hernan Ochoa soporte at sentinel.com.ar
Mon Jun 28 14:13:28 GMT 1999


hi.

well, i think i found it. 
in rpc_client/cli_pipe.c

in function create_rpc_bind_resp() there the NT/LM hashes are sent.
it says something about a 3-way handshake, and in the same file i guess
the RPC is negotiating the SSP (Security Service Provider) to use, and i
think samba is selecting NTLM, the default. everything is fitting now, i
think.

is there any documentation about this? i mean, something written by the
samba team? apart from cifsntdomain.txt?

well, i'll keep reading the code.


But there's still one thing i like to know, i'll do some tests, but maybe some
of you already did. what is a domain logon?

a connection to NETLOGON, creating the secure channel using the machine trust
account, and then issuing a SAM_LOGON, and here you can choose between an
interactive logon or a network logon, in the interactive logon the NT/LM hashes
are sent encrypted by the Skey, in the network logon the challenge-response
method is used right? and nt workstation uses the interactive logon type when a
user tries to logon to a PDC using the normal winlogon/msgina interface right?

but then, once i'm logged on, if i do something like

	net use x: \\MYPDC\c$

NT uses the same TCP:139 connection to access this share, but it issues a new
session setup using my credentials, but all this data, and subsequent
SMB_OPEN and stuff over that tree connect aren't encrypted using the Skey, is
that right?


well, again, i'll do some tests to verify this, but if someone already knows
this, i'll be glad (very glad :)) to hear your experience.

thanks in advance.

bye




