auth use info3 in auth_serversupplied_info (source3/)

simo idra at samba.org
Thu May 27 18:24:38 MDT 2010


On Fri, 2010-05-28 at 10:17 +1000, Andrew Bartlett wrote:
> On Thu, 2010-05-27 at 19:49 -0400, simo wrote:

> /* This is the final session key, as used by SMB signing, and (truncated
> to 16 bytes) encryption on the SAMR and LSA pipes when over ncacn_np.
> It is calculated by NTLMSSP from the session key in the info3, and is
> set from the Kerberos session key using krb5_auth_con_getremotesubkey().
> */

Should we add this comment to the auth_serversupplied_info structure ?

> Yes and no.  The conversion two and from the samu invoked this code, and
> from the comments deliberately so.  By short-cutting it, I think we have
> changed semantics. 
> 
> It is a horrible violation of abstraction, and I really want it to die,
> but I first want to bring it to your attention :-)

I will check if that is still the case, testing didn't reveal any issue,
but our test do not cover all cases indeed.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>



More information about the samba-technical mailing list