From 7d4ed899831a853ec2eef8dcd82d74fdbf568f0e Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 2 Mar 2012 16:18:16 +0200 Subject: s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2. On LSA and SAMR pipes session_key is truncated to 16 byte when doing encryption/decryption. However, this was not done for trusted domain-related modifying operations. As result, Samba 4 client libraries do not work against Samba 3 while working against Windows 2008 r2. Solved this by introducing "session_extract_session_key()" function that allows to specify intent of use of the key. Signed-off-by: Andreas Schneider Autobuild-User: Andreas Schneider Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104 --- source3/include/auth.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/include') diff --git a/source3/include/auth.h b/source3/include/auth.h index 7f2c3e5db7..693a0df383 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -128,6 +128,12 @@ struct auth_init_function_entry { extern const struct gensec_security_ops gensec_ntlmssp3_server_ops; +/* Intent of use for session key. LSA and SAMR pipes use 16 bytes of session key when doing create/modify calls */ +enum session_key_use_intent { + KEY_USE_FULL = 0, + KEY_USE_16BYTES +}; + /* Changed from 1 -> 2 to add the logon_parameters field. */ /* Changed from 2 -> 3 when we reworked many auth structures to use IDL or be in common with Samba4 */ #define AUTH_INTERFACE_VERSION 3 -- cgit