diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-12-15 10:00:36 +1100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-03-19 21:31:46 +0100 |
commit | 0902392413dcbd8bedcb7c42d86497d671ba1e0f (patch) | |
tree | df207e347b82d4c27c71af387d8896acdac011d5 | |
parent | ee0e1ca5d8bbd03be5df23ecce504115e2e5012f (diff) | |
download | samba-0902392413dcbd8bedcb7c42d86497d671ba1e0f.tar.gz samba-0902392413dcbd8bedcb7c42d86497d671ba1e0f.tar.bz2 samba-0902392413dcbd8bedcb7c42d86497d671ba1e0f.zip |
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index b7aec20534..6757f3611e 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1246,7 +1246,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, domain->can_do_validation6 = false; } - if (domain->can_do_samlogon_ex) { + if (domain->can_do_samlogon_ex && domain->can_do_validation6) { result = rpccli_netlogon_sam_network_logon_ex( netlogon_pipe, mem_ctx, @@ -1256,7 +1256,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, domainname, /* target domain */ workstation, /* workstation */ chal, - domain->can_do_validation6 ? 6 : 3, + 6, lm_response, nt_response, info3); |