| commit | 4447ae9ccd9091776cd2fbed955e856073f253eb | |
| author | Günther Deschner <gd@samba.org> | |
| Mon, 9 Aug 2010 12:31:24 +0000 (9 14:31 +0200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Thu, 13 Jan 2011 16:58:50 +0000 (13 17:58 +0100) | ||
| tree | 268a7d99f3ce0b53cc3879042fb81bf6732b820d | treesnapshot (tar.gz zip) |
| parent | 0c10994635b9f19154c2df7d9db9728cf5157b81 | commitdiff |
s3-winbind: Fix Bug #7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
Guenther
(cherry picked from commit be396411a4e1f3a174f8a44b6c062d834135e70a)
(cherry picked from commit e647f5b5409502ec329e24f09202b036cfb357ae)
This is an important fix as the following could and is happening:
* winbind authenticates a user via schannel secured netlogon samlogonex call,
current secure channel cred state is stored in winbind state, winbind
sucessfully decrypts session key from the info3
* winbind sets up a new schannel ncacn_ip_tcp lsa pipe (and thereby resets the
secure channel on the dc)
* subsequent samlogonex calls use the new secure channel creds on the dc to
encrypt info3 session key, while winbind tries to use old schannel creds for
decryption
Guenther
(cherry picked from commit be396411a4e1f3a174f8a44b6c062d834135e70a)
(cherry picked from commit e647f5b5409502ec329e24f09202b036cfb357ae)
| source3/winbindd/winbindd_cm.c | diffblobblamehistory |