sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
f3e349bebc
samba-mirror/source3
History
Alexander Bokovoy f3e349bebc krb5-samba: interdomain trust uses different salt principal 
Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)

The salt principal for the BLA$ user object was generated wrong.

dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA

dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000

The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.

While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep  5 03:57:22 CEST 2018 on sn-devel-144
2018-09-05 03:57:22 +02:00
..
auth auth: For NTLM and KDC authentication, log the authentication duration 2018-06-25 08:32:14 +02:00
build PEP8: fix W391: blank line at end of file 2018-08-24 07:49:31 +02:00
client s3:client: Avoid a possible fd leak in do_get() 2018-08-11 01:49:16 +02:00
exports
groupdb lib: Pass mem_ctx to state_path() 2018-08-17 11:30:11 +02:00
include smbd: Remove unused KOPLOCK flags 2018-08-25 03:23:05 +02:00
intl lib: Pass mem_ctx to lock_path() 2018-08-17 11:30:10 +02:00
lib dbwrap: Clarify db_open_watched API 2018-08-17 21:29:15 +02:00
libads libads: Simplify parse_spn() 2018-08-22 03:59:51 +02:00
libgpo/gpext libgpo: Fix CID 1438462 Error handling issues (CHECKED_RETURN) 2018-08-22 00:58:41 +02:00
libnet s3:libads: Add net ads leave keep-account option 2018-07-30 07:34:11 +02:00
librpc smbd: Remove "share_mode_entry->lease" 2018-07-27 01:42:31 +02:00
libsmb libsmb: Expose protocol-agnostic cli_writeall_send/recv 2018-08-27 23:09:15 +02:00
locale pam_winbind: initial Turkish translation 2017-11-15 13:52:05 +01:00
locking smbd: Fix a memleak in async search ask sharemode 2018-09-03 18:44:23 +02:00
modules vfs_delay_inject: adding delay to VFS calls 2018-08-31 22:22:22 +02:00
nmbd lib: Pass mem_ctx to cache_path() 2018-08-17 14:28:51 +02:00
param smb.conf: add dns_zone_scavenging 2018-07-12 04:31:51 +02:00
passdb krb5-samba: interdomain trust uses different salt principal 2018-09-05 03:57:22 +02:00
printing lib: Pass mem_ctx to cache_path() 2018-08-17 14:28:51 +02:00
profile lib: Pass mem_ctx to cache_path() 2018-08-17 14:28:51 +02:00
registry lib: Pass mem_ctx to state_path() 2018-08-17 11:30:11 +02:00
rpc_client Possible memory leak in map_info3_to_validation 2018-06-20 21:05:40 +02:00
rpc_server lib: Pass mem_ctx to lock_path() 2018-08-17 11:30:10 +02:00
rpcclient cmd_drsuapi: add dswriteaccountspn command 2018-05-12 02:09:28 +02:00
script selftest: add a durable handle test with delayed disconnect 2018-08-31 22:22:23 +02:00
selftest selftest: add a durable handle test with delayed disconnect 2018-08-31 22:22:23 +02:00
services srcctl3: Improve debug messages 2018-01-16 02:43:03 +01:00
smbd s3:vfs: fix valgrind warning in SMB_VFS_{PREAD,PWRITE,FSYNC}_RECV() 2018-09-04 10:45:10 +02:00
torture PEP8: fix W391: blank line at end of file 2018-08-24 07:49:31 +02:00
utils dbwrap_tool: We don't do "listwatchers" anymore 2018-09-03 21:38:40 +02:00
web
winbindd lib: Pass mem_ctx to state_path() 2018-08-17 11:30:11 +02:00
.clang_complete
.dmallocrc
.indent.pro
Doxyfile
mainpage.dox
smbadduser.in
wscript vfs_delay_inject: adding delay to VFS calls 2018-08-31 22:22:22 +02:00
wscript_build examples: Add winexe re-implemented on current Samba libs 2018-08-28 02:03:07 +02:00
wscript_configure_system_ncurses