From: Günther Deschner Date: Thu, 7 May 2009 11:36:52 +0000 (+0200) Subject: s3-auth: use full 16byte session key in make_user_info_netlogon_interactive(). X-Git-Tag: tdb-1.1.5~694 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d5e0eadb858d9717b68a770c8789a9432bbb3f7;p=thirdparty%2Fsamba.git s3-auth: use full 16byte session key in make_user_info_netlogon_interactive(). Patch from Jeremy. With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a Samba 3 Domain. There are still two registry settings required: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do *not* modify the other netlogon registry parameters that were passed around, they weaken security. Guenther (cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134) --- diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 35998f79f9c..c0d23474cd4 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -310,8 +310,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, unsigned char local_nt_response[24]; unsigned char key[16]; - ZERO_STRUCT(key); - memcpy(key, dc_sess_key, 8); + memcpy(key, dc_sess_key, 16); if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd)); diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index de53aebb91a..141f63581c4 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -119,7 +119,7 @@ struct dcinfo { struct netr_Credential clnt_chal; /* Client credential */ struct netr_Credential srv_chal; /* Server credential */ - unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */ + unsigned char sess_key[16]; /* Session key */ unsigned char mach_pw[16]; /* md4(machine password) */ fstring mach_acct; /* Machine name we've authenticated. */