and PRIVACY, so no other cases to take care of so far...
Andrew B., if you have time, could you take a look? This makes us survive the
RPC-SAMBA3SESSIONKEY test.
Volker
(cherry picked from commit
25cc1e7ff15675b70001d1cb8d8584880650dd2e)
auth->a_u.auth_ntlmssp_state = NULL;
}
auth->a_u.auth_ntlmssp_state = NULL;
}
+static DATA_BLOB generic_session_key(void)
+{
+ return data_blob("SystemLibraryDTC", 16);
+}
+
/*******************************************************************
Generate the next PDU to be returned from the data in p->rdata.
Handle NTLMSSP.
/*******************************************************************
Generate the next PDU to be returned from the data in p->rdata.
Handle NTLMSSP.
p->pipe_user.ut.gid = a->server_info->gid;
/*
p->pipe_user.ut.gid = a->server_info->gid;
/*
- * Copy the session key from the ntlmssp state.
+ * We're an authenticated bind over smbd, so the session key needs to
+ * be set to "SystemLibraryDTC". Weird, but this is what Windows
+ * does. See the RPC-SAMBA3SESSIONKEY.
*/
data_blob_free(&p->session_key);
*/
data_blob_free(&p->session_key);
- p->session_key = data_blob(a->ntlmssp_state->session_key.data, a->ntlmssp_state->session_key.length);
+ p->session_key = generic_session_key();
if (!p->session_key.data) {
return False;
}
if (!p->session_key.data) {
return False;
}
* JRA. Should we also copy the schannel session key into the pipe session key p->session_key
* here ? We do that for NTLMSSP, but the session key is already set up from the vuser
* struct of the person who opened the pipe. I need to test this further. JRA.
* JRA. Should we also copy the schannel session key into the pipe session key p->session_key
* here ? We do that for NTLMSSP, but the session key is already set up from the vuser
* struct of the person who opened the pipe. I need to test this further. JRA.
+ *
+ * VL. As we are mapping this to guest set the generic key
+ * "SystemLibraryDTC" key here. It's a bit difficult to test against
+ * W2k3, as it does not allow schannel binds against SAMR and LSA
+ * anymore.
+ data_blob_free(&p->session_key);
+ p->session_key = generic_session_key();
+ if (p->session_key.data == NULL) {
+ DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
+ " key\n"));
+ return False;
+ }
+
init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n"));
init_rpc_hdr_auth(&auth_info, RPC_SCHANNEL_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, pout_auth, 0)) {
DEBUG(0,("pipe_schannel_auth_bind: marshalling of RPC_HDR_AUTH failed.\n"));