sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

Send the user's session key in the SAMLOGON reply, so that a member server can

Browse Source 
use smb signing.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 0001-01-01 00:00:00 +00:00
parent b1c722e306
commit 574e8a8ab7
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source/rpc_parse/parse_net.c
View File

@ -1271,7 +1271,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr,
uint16 logon_count, uint16 bad_pw_count,
uint32 num_groups, const DOM_GID *gids,
uint32 user_flgs, uchar *sess_key,
uint32 user_flgs, uchar sess_key[16],
const char *logon_srv, const char *logon_dom,
const DOM_SID *dom_sid, const char *other_sids)
{
@ -1448,7 +1448,7 @@ BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps,
if(!prs_uint32("user_flgs ", ps, depth, &usr->user_flgs)) /* user flags */
return False;
if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */
if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* user session key */
return False;
if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */

13
source/rpc_server/srv_netlog_nt.c
View File

@ -666,7 +666,9 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
pstring my_name;
fstring user_sid_string;
fstring group_sid_string;
uchar user_sess_key[16];
uchar netlogon_sess_key[16];
sampw = server_info->sam_account;
/* set up pointer indicating user/password failed to be found */
@ -697,6 +699,12 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return status;
}
ZERO_STRUCT(netlogon_sess_key);
memcpy(netlogon_sess_key, p->dc.sess_key, 8);
memcpy(user_sess_key, server_info->session_key, sizeof(user_sess_key));
SamOEMhash(user_sess_key, netlogon_sess_key, 16);
ZERO_STRUCT(netlogon_sess_key);
init_net_user_info3(p->mem_ctx, usr_info,
user_rid,
group_rid,
@ -719,13 +727,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
num_gids, /* uint32 num_groups */
gids , /* DOM_GID *gids */
0x20 , /* uint32 user_flgs (?) */
NULL, /* uchar sess_key[16] */
user_sess_key,
my_name , /* char *logon_srv */
pdb_get_domain(sampw),
&domain_sid, /* DOM_SID *dom_sid */
/* Should be users domain sid, not servers - for trusted domains */
NULL); /* char *other_sids */
ZERO_STRUCT(user_sess_key);
}
free_server_info(&server_info);
return status;