From 768515f4ad13785729fcd4df7cecaede39b7409a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 23 Jul 2008 16:19:54 +1000
Subject: The SMB session key must not be more than 16 bytes in SAMR (and
 presumably LSA).

Tests show that Vista requires the sesion key to be truncated for a
domain join.

Andrew Bartlett
(This used to be commit af629a3738298d27eb2dbecf466ceb503cec9638)
---
 source4/librpc/rpc/dcerpc_util.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'source4/librpc')

diff --git a/source4/librpc/rpc/dcerpc_util.c b/source4/librpc/rpc/dcerpc_util.c
index 71c6d5f2cc..32646e85b0 100644
--- a/source4/librpc/rpc/dcerpc_util.c
+++ b/source4/librpc/rpc/dcerpc_util.c
@@ -647,11 +647,21 @@ NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c,
 
 /*
   fetch the user session key - may be default (above) or the SMB session key
+
+  The key is always truncated to 16 bytes 
 */
 _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p,
-				  DATA_BLOB *session_key)
+					   DATA_BLOB *session_key)
 {
-	return p->conn->security_state.session_key(p->conn, session_key);
+	NTSTATUS status;
+	status = p->conn->security_state.session_key(p->conn, session_key);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	session_key->length = MIN(session_key->length, 16);
+
+	return NT_STATUS_OK;
 }
 
 
-- 
cgit