diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-02-12 12:42:37 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:54 -0500 |
| commit | e218c8442db38bcfcac9e9425e8d0e32f61c840f (patch) | |
| tree | f5079c7ad9f532c648a1e44f02085dcd7d9e048d /source4/auth/ntlmssp/ntlmssp_server.c | |
| parent | ba04ff6736c0551da06d112af28d42b351c10481 (diff) | |
| download | samba-e218c8442db38bcfcac9e9425e8d0e32f61c840f.tar.gz samba-e218c8442db38bcfcac9e9425e8d0e32f61c840f.tar.bz2 samba-e218c8442db38bcfcac9e9425e8d0e32f61c840f.zip | |
r13470: Thanks to a report from VL:
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
(This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
Diffstat (limited to 'source4/auth/ntlmssp/ntlmssp_server.c')
| -rw-r--r-- | source4/auth/ntlmssp/ntlmssp_server.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index de44d40a50..65956d0580 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c @@ -554,9 +554,6 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, /* keep the session key around on the new context */ talloc_steal(gensec_ntlmssp_state, session_key.data); - /* The server might need us to use a partial-strength session key */ - ntlmssp_weaken_keys(gensec_ntlmssp_state); - if ((gensec_security->want_features & GENSEC_FEATURE_SIGN) || (gensec_security->want_features & GENSEC_FEATURE_SEAL)) { nt_status = ntlmssp_sign_init(gensec_ntlmssp_state); |