From 2d5e0eadb858d9717b68a770c8789a9432bbb3f7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 7 May 2009 13:36:52 +0200 Subject: s3-auth: use full 16byte session key in make_user_info_netlogon_interactive(). Patch from Jeremy. With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a Samba 3 Domain. There are still two registry settings required: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do *not* modify the other netlogon registry parameters that were passed around, they weaken security. Guenther (cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134) --- source3/auth/auth_util.c | 3 +-- source3/include/ntdomain.h | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 35998f79f9..c0d23474cd 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -310,8 +310,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, unsigned char local_nt_response[24]; unsigned char key[16]; - ZERO_STRUCT(key); - memcpy(key, dc_sess_key, 8); + memcpy(key, dc_sess_key, 16); if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd)); diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index de53aebb91..141f63581c 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -119,7 +119,7 @@ struct dcinfo { struct netr_Credential clnt_chal; /* Client credential */ struct netr_Credential srv_chal; /* Server credential */ - unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */ + unsigned char sess_key[16]; /* Session key */ unsigned char mach_pw[16]; /* md4(machine password) */ fstring mach_acct; /* Machine name we've authenticated. */ -- cgit