s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().

Patch from Jeremy.

With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.

There are still two registry settings required:

        HKLM\System\CCS\Services\LanmanWorkstation\Parameters
	            DWORD  DomainCompatibilityMode = 1
		    DWORD  DNSNameResolutionRequired = 0

Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.

Guenther
(cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 35998f79f9c6a468f3b6da8da5fcfded10955ef7..c0d23474cd43ee776e0e694de3977c27576806a9 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -310,8 +310,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
        unsigned char local_nt_response[24];
        unsigned char key[16];
        
-       ZERO_STRUCT(key);
-       memcpy(key, dc_sess_key, 8);
+       memcpy(key, dc_sess_key, 16);
        
        if (lm_interactive_pwd)
                memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd));

diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index de53aebb91a21c4b0e06b41862202f1d72bb9d86..141f63581c4b19ffcd8e84e6cca949c659436bda 100644 (file)
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -119,7 +119,7 @@ struct dcinfo {
        struct netr_Credential clnt_chal; /* Client credential */
        struct netr_Credential srv_chal;  /* Server credential */
 
-       unsigned char  sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
+       unsigned char  sess_key[16]; /* Session key */
        unsigned char  mach_pw[16];   /* md4(machine password) */
 
        fstring mach_acct;  /* Machine name we've authenticated. */