auth use info3 in auth_serversupplied_info (source3/)

Andrew Bartlett abartlet at
Thu May 27 18:32:28 MDT 2010

On Thu, 2010-05-27 at 20:24 -0400, simo wrote:
> On Fri, 2010-05-28 at 10:17 +1000, Andrew Bartlett wrote:
> > On Thu, 2010-05-27 at 19:49 -0400, simo wrote:
> > /* This is the final session key, as used by SMB signing, and (truncated
> > to 16 bytes) encryption on the SAMR and LSA pipes when over ncacn_np.
> > It is calculated by NTLMSSP from the session key in the info3, and is
> > set from the Kerberos session key using krb5_auth_con_getremotesubkey().
> > */
> Should we add this comment to the auth_serversupplied_info structure ?

Please do :-)

> > Yes and no.  The conversion two and from the samu invoked this code, and
> > from the comments deliberately so.  By short-cutting it, I think we have
> > changed semantics. 
> > 
> > It is a horrible violation of abstraction, and I really want it to die,
> > but I first want to bring it to your attention :-)
> I will check if that is still the case, testing didn't reveal any issue,
> but our test do not cover all cases indeed.

Yeah.  It's one of the challenges from the many different modes of
operation we support.  

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list