| commit | d451456892c3cc164c2481885e788f4588a43e2c | |
| author | David Disseldorp <ddiss@samba.org> | |
| Tue, 12 Feb 2013 10:58:06 +0000 (12 11:58 +0100) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Thu, 14 Mar 2013 09:51:41 +0000 (14 10:51 +0100) | ||
| tree | 2b34e207a836fe1a8642f2cd23aae66ab9553abb | treesnapshot (tar.gz zip) |
| parent | ba4378b6aa126f58d57a0ad758c3799bae079b9d | commitdiff |
smbd: fix initial large PAC sess setup response
An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.
This change fixes the SMB1 server only.
Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
token.
(cherry picked from commit e28ec902a207655acab665c4cfabb1f2031fb24f)
An oversize Kerberos security token may be split across multiple Session
Setup AndX requests when authenticating as a user who is a member of
many (~2000) groups.
In such a case the NativeOS, NativeLanMan & PrimaryDomain fields must be
sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise
Windows clients may resend the same security token data in subsequent
session setup andX requests, as observed with Windows 7 and Server 2012.
This change fixes the SMB1 server only.
Fix bug #9658 - Session Setup AndX exchange fails with an oversize security
token.
(cherry picked from commit e28ec902a207655acab665c4cfabb1f2031fb24f)
| source3/smbd/sesssetup.c | diffblobblamehistory |