| commit | b9b8cd1752aeab049983c1a6038edf2231ec10a4 | |
| author | Jeremy Allison <jra@samba.org> | |
| Sun, 12 Feb 2006 16:44:30 +0000 (12 16:44 +0000) | ||
| committer | Gerald (Jerry) Carter <jerry@samba.org> | |
| Wed, 10 Oct 2007 16:10:05 +0000 (10 11:10 -0500) | ||
| tree | 3a5c402340c71acee0ba68954f377992b2d23d4f | treesnapshot (tar.gz zip) |
| parent | 7a2da5f0cc05c1920c664c9a690a23bdf854e285 | commitdiff |
r13473: Back port r13470, r13471, r13472 from Samba4. Thanks Andrew:
-----------------------------------
Thanks to a report from VL:
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
-----------------------------------
With more 'try all options' testing, I found this 'simple' but in the
NTLM2 signing code.
Andrew Bartlett
-----------------------------------
After Volker's advise, try every combination of parameters. This
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
-----------------------------------
We should now try retesting with NT4. This should be standalone
enough to port into a SAMBA_3_0_RELEASE branch fix.
Jeremy.
-----------------------------------
Thanks to a report from VL:
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
-----------------------------------
With more 'try all options' testing, I found this 'simple' but in the
NTLM2 signing code.
Andrew Bartlett
-----------------------------------
After Volker's advise, try every combination of parameters. This
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
-----------------------------------
We should now try retesting with NT4. This should be standalone
enough to port into a SAMBA_3_0_RELEASE branch fix.
Jeremy.
| source/libsmb/ntlmssp.c | diffblobblamehistory | |
| source/libsmb/ntlmssp_sign.c | diffblobblamehistory |