auth use info3 in auth_serversupplied_info (source3/)
Andrew Bartlett
abartlet at samba.org
Thu May 27 18:32:28 MDT 2010
On Thu, 2010-05-27 at 20:24 -0400, simo wrote:
> On Fri, 2010-05-28 at 10:17 +1000, Andrew Bartlett wrote:
> > On Thu, 2010-05-27 at 19:49 -0400, simo wrote:
>
> > /* This is the final session key, as used by SMB signing, and (truncated
> > to 16 bytes) encryption on the SAMR and LSA pipes when over ncacn_np.
> > It is calculated by NTLMSSP from the session key in the info3, and is
> > set from the Kerberos session key using krb5_auth_con_getremotesubkey().
> > */
>
> Should we add this comment to the auth_serversupplied_info structure ?
Please do :-)
> > Yes and no. The conversion two and from the samu invoked this code, and
> > from the comments deliberately so. By short-cutting it, I think we have
> > changed semantics.
> >
> > It is a horrible violation of abstraction, and I really want it to die,
> > but I first want to bring it to your attention :-)
>
> I will check if that is still the case, testing didn't reveal any issue,
> but our test do not cover all cases indeed.
Yeah. It's one of the challenges from the many different modes of
operation we support.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100528/5bc9df2e/attachment.pgp>
More information about the samba-technical
mailing list