sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

libcli/auth: add netlogon_creds_encrypt_samlogon_validation().

Browse Source 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Günther Deschner 2012-12-14 14:18:40 +01:00
parent 563cc67ac6
commit 301f69b0ca
2 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
libcli/auth/credentials.c
View File

@ -485,9 +485,10 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
}
}
void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation)
static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation,
bool encrypt)
{
static const char zeros[16];
@ -524,16 +525,29 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
netlogon_creds_aes_decrypt(creds,
if (encrypt) {
netlogon_creds_aes_encrypt(creds,
base->key.key,
sizeof(base->key.key));
} else {
netlogon_creds_aes_decrypt(creds,
base->key.key,
sizeof(base->key.key));
}
}
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
netlogon_creds_aes_decrypt(creds,
if (encrypt) {
netlogon_creds_aes_encrypt(creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
} else {
netlogon_creds_aes_decrypt(creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
}
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
@ -554,12 +568,33 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
netlogon_creds_des_decrypt_LMKey(creds,
if (encrypt) {
netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
} else {
netlogon_creds_des_decrypt_LMKey(creds,
&base->LMSessKey);
}
}
}
}
void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation)
{
return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
validation, false);
}
void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation)
{
return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
validation, true);
}
/*
copy a netlogon_creds_CredentialState struct
*/

3
libcli/auth/proto.h
View File

@ -60,6 +60,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */