s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().

Patch from Jeremy.

With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.

There are still two registry settings required:

	HKLM\System\CCS\Services\LanmanWorkstation\Parameters
		DWORD  DomainCompatibilityMode = 1
		DWORD  DNSNameResolutionRequired = 0

Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.

Guenther / Jeremy.

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 2bd857c58939665aee8802494ad9169ea04a9635..f6c5eaa71bfde1f17dd48582ab2e3fd16c49457b 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -292,8 +292,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
        unsigned char local_nt_response[24];
        unsigned char key[16];
        
-       ZERO_STRUCT(key);
-       memcpy(key, dc_sess_key, 8);
+       memcpy(key, dc_sess_key, 16);
        
        if (lm_interactive_pwd)
                memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd));

diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h
index de0a31360985f73c54c2694437b53ec01c4cb6d6..4b49b5efb3bb780469373317c03a625b27673573 100644 (file)
--- a/source/include/ntdomain.h
+++ b/source/include/ntdomain.h
@@ -139,7 +139,7 @@ struct dcinfo {
        struct netr_Credential clnt_chal; /* Client credential */
        struct netr_Credential srv_chal;  /* Server credential */
  
-       unsigned char  sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
+       unsigned char  sess_key[16]; /* Session key */
        unsigned char  mach_pw[16];   /* md4(machine password) */
 
        fstring mach_acct;  /* Machine name we've authenticated. */