diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-02 05:10:26 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-02 05:10:26 +0000 |
commit | 28e3e4843194e2559714adc03e05c43f9328aeda (patch) | |
tree | be306c18ac8ff4b14d2880bd2761ae1962a031c3 | |
parent | ac2eeb7a8f49d389e024af82184b86e79bfd8976 (diff) | |
download | samba-28e3e4843194e2559714adc03e05c43f9328aeda.tar.gz samba-28e3e4843194e2559714adc03e05c43f9328aeda.tar.bz2 samba-28e3e4843194e2559714adc03e05c43f9328aeda.zip |
Send the user's session key in the SAMLOGON reply, so that a member server can
use smb signing.
Andrew Bartlett
(This used to be commit 574e8a8ab7c94ecd9113df42e395e83632980675)
-rw-r--r-- | source3/rpc_parse/parse_net.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 13 |
2 files changed, 13 insertions, 4 deletions
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index ac21e6f2dd..853bca3b54 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1271,7 +1271,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, uint16 logon_count, uint16 bad_pw_count, uint32 num_groups, const DOM_GID *gids, - uint32 user_flgs, uchar *sess_key, + uint32 user_flgs, uchar sess_key[16], const char *logon_srv, const char *logon_dom, const DOM_SID *dom_sid, const char *other_sids) { @@ -1448,7 +1448,7 @@ BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, if(!prs_uint32("user_flgs ", ps, depth, &usr->user_flgs)) /* user flags */ return False; - if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */ + if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* user session key */ return False; if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index c3d48a6527..6182da53d9 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -666,7 +666,9 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * pstring my_name; fstring user_sid_string; fstring group_sid_string; - + uchar user_sess_key[16]; + uchar netlogon_sess_key[16]; + sampw = server_info->sam_account; /* set up pointer indicating user/password failed to be found */ @@ -697,6 +699,12 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * return status; } + ZERO_STRUCT(netlogon_sess_key); + memcpy(netlogon_sess_key, p->dc.sess_key, 8); + memcpy(user_sess_key, server_info->session_key, sizeof(user_sess_key)); + SamOEMhash(user_sess_key, netlogon_sess_key, 16); + ZERO_STRUCT(netlogon_sess_key); + init_net_user_info3(p->mem_ctx, usr_info, user_rid, group_rid, @@ -719,13 +727,14 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * num_gids, /* uint32 num_groups */ gids , /* DOM_GID *gids */ 0x20 , /* uint32 user_flgs (?) */ - NULL, /* uchar sess_key[16] */ + user_sess_key, my_name , /* char *logon_srv */ pdb_get_domain(sampw), &domain_sid, /* DOM_SID *dom_sid */ /* Should be users domain sid, not servers - for trusted domains */ NULL); /* char *other_sids */ + ZERO_STRUCT(user_sess_key); } free_server_info(&server_info); return status; |