diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-07-23 16:19:54 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-07-23 16:19:54 +1000 |
commit | 768515f4ad13785729fcd4df7cecaede39b7409a (patch) | |
tree | 02a5089329233430e33547caa03fec04b6fa29aa | |
parent | 042eefe3eb7ae4873ef2fc7e4e1c8d520f6f083c (diff) | |
download | samba-768515f4ad13785729fcd4df7cecaede39b7409a.tar.gz samba-768515f4ad13785729fcd4df7cecaede39b7409a.tar.bz2 samba-768515f4ad13785729fcd4df7cecaede39b7409a.zip |
The SMB session key must not be more than 16 bytes in SAMR (and
presumably LSA).
Tests show that Vista requires the sesion key to be truncated for a
domain join.
Andrew Bartlett
(This used to be commit af629a3738298d27eb2dbecf466ceb503cec9638)
-rw-r--r-- | source4/librpc/rpc/dcerpc_util.c | 14 | ||||
-rw-r--r-- | source4/rpc_server/dcerpc_server.c | 11 |
2 files changed, 22 insertions, 3 deletions
diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c index 71c6d5f2cc..32646e85b0 100644 --- a/source4/librpc/rpc/dcerpc_util.c +++ b/source4/librpc/rpc/dcerpc_util.c @@ -647,11 +647,21 @@ NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c, /* fetch the user session key - may be default (above) or the SMB session key + + The key is always truncated to 16 bytes */ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, - DATA_BLOB *session_key) + DATA_BLOB *session_key) { - return p->conn->security_state.session_key(p->conn, session_key); + NTSTATUS status; + status = p->conn->security_state.session_key(p->conn, session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_key->length = MIN(session_key->length, 16); + + return NT_STATUS_OK; } diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index d8dafd61f6..fb487dfdcf 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -270,11 +270,20 @@ NTSTATUS dcesrv_generic_session_key(struct dcesrv_connection *p, /* fetch the user session key - may be default (above) or the SMB session key + + The key is always truncated to 16 bytes */ _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, DATA_BLOB *session_key) { - return p->auth_state.session_key(p, session_key); + NTSTATUS status = p->auth_state.session_key(p, session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_key->length = MIN(session_key->length, 16); + + return NT_STATUS_OK; } |