From: Jeremy Allison <jra@samba.org>
Date: Thu, 7 May 2009 19:53:31 +0000 (-0700)
Subject: s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43bab13d00fa073acf709ac9a66cb2782694811b;p=thirdparty%2Fsamba.git

s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().

Patch from Jeremy.

With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.

There are still two registry settings required:

	HKLM\System\CCS\Services\LanmanWorkstation\Parameters
		DWORD  DomainCompatibilityMode = 1
		DWORD  DNSNameResolutionRequired = 0

Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.

Guenther / Jeremy.
---

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 175a234d93c..c9b5614419a 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -292,8 +292,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
 	unsigned char local_nt_response[24];
 	unsigned char key[16];
 	
-	ZERO_STRUCT(key);
-	memcpy(key, dc_sess_key, 8);
+	memcpy(key, dc_sess_key, 16);
 	
 	if (lm_interactive_pwd)
 		memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd));
diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h
index b89b0fea3a6..9ebef4ccf8a 100644
--- a/source/include/ntdomain.h
+++ b/source/include/ntdomain.h
@@ -139,7 +139,7 @@ struct dcinfo {
 	struct netr_Credential clnt_chal; /* Client credential */
 	struct netr_Credential srv_chal;  /* Server credential */
  
-	unsigned char  sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
+	unsigned char  sess_key[16]; /* Session key */
 	unsigned char  mach_pw[16];   /* md4(machine password) */
 
 	fstring mach_acct;  /* Machine name we've authenticated. */