| commit | 41deac37bdfc696e2969ae8c06230fa2f348c554 | |
| author | Andrew Bartlett <abartlet@samba.org> | |
| Wed, 14 Dec 2011 23:00:36 +0000 (15 10:00 +1100) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 22 Jun 2012 19:38:50 +0000 (22 21:38 +0200) | ||
| tree | 9c7673ed45672eb09e29bcf5d0840d2e2deb5c74 | treesnapshot (tar.gz zip) |
| parent | c26a263cf953674c96b5acee1f3f1052b37c86de | commitdiff |
s3-winbindd Only use SamLogonEx when we can get unencrypted session keys
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Part of a fix for bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session
key).
(cherry picked from commit 8852ad6bd77b44e9dd71de3994869f5603964ef7)
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Part of a fix for bug #8599 (WINBINDD_PAM_AUTH_CRAP returns invalid user session
key).
(cherry picked from commit 8852ad6bd77b44e9dd71de3994869f5603964ef7)
| source3/winbindd/winbindd_pam.c | diffblobblamehistory |