1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

r10847: Fix up new 'decrypt samlogon reply' routine to be more robust, and use

it in the RPC-SAMLOGON test.

Andrew Bartlett
(This used to be commit 675b7df2ee)
This commit is contained in:
Andrew Bartlett 2005-10-09 13:03:52 +00:00 committed by Gerald (Jerry) Carter
parent b468ba1386
commit 43adda56b6
2 changed files with 37 additions and 61 deletions

View File

@ -322,18 +322,32 @@ void creds_decrypt_samlogon(struct creds_CredentialState *creds,
{
static const char zeros[16];
struct netr_SamBaseInfo *base;
struct netr_SamBaseInfo *base = NULL;
switch (validation_level) {
case 2:
if (validation->sam2) {
base = &validation->sam2->base;
}
break;
case 3:
if (validation->sam3) {
base = &validation->sam3->base;
}
break;
case 6:
if (validation->sam6) {
base = &validation->sam6->base;
break;
}
break;
default:
/* If we can't find it, we can't very well decrypt it */
return;
}
if (!base) {
return;
}
/* find and decyrpt the session keys, return in parameters above */
if (validation_level == 6) {
/* they aren't encrypted! */

View File

@ -151,9 +151,13 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
if (error_string) {
*error_string = strdup(nt_errstr(status));
}
return status;
}
validation_level = r->in.validation_level;
creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r->out.validation);
switch (validation_level) {
case 2:
base = &r->out.validation.sam2->base;
@ -172,9 +176,13 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
if (error_string) {
*error_string = strdup(nt_errstr(status));
}
return status;
}
validation_level = r_ex->in.validation_level;
creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_ex->out.validation);
switch (validation_level) {
case 2:
base = &r_ex->out.validation.sam2->base;
@ -201,9 +209,13 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
if (error_string) {
*error_string = strdup(nt_errstr(status));
}
return status;
}
validation_level = r_flags->in.validation_level;
creds_decrypt_samlogon(samlogon_state->creds, validation_level, &r_flags->out.validation);
switch (validation_level) {
case 2:
base = &r_flags->out.validation.sam2->base;
@ -218,67 +230,17 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state,
break;
}
if (!NT_STATUS_IS_OK(status)) {
/* we cannot check the session key, if the logon failed... */
return status;
}
if (!base) {
printf("No user info returned from 'successful' SamLogon*() call!\n");
return NT_STATUS_INVALID_PARAMETER;
}
/* find and decyrpt the session keys, return in parameters above */
if (validation_level == 6) {
/* they aren't encrypted! */
if (user_session_key) {
memcpy(user_session_key, base->key.key, 16);
}
if (lm_key) {
memcpy(lm_key, base->LMSessKey.key, 8);
}
} else if (samlogon_state->creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
static const char zeros[16];
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
creds_arcfour_crypt(samlogon_state->creds,
base->key.key,
sizeof(base->key.key));
}
if (user_session_key) {
memcpy(user_session_key, base->key.key, 16);
}
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
creds_arcfour_crypt(samlogon_state->creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
}
if (lm_key) {
memcpy(lm_key, base->LMSessKey.key, 8);
}
} else {
static const char zeros[16];
if (user_session_key) {
memcpy(user_session_key, base->key.key, 16);
}
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
creds_des_decrypt_LMKey(samlogon_state->creds,
&base->LMSessKey);
}
if (lm_key) {
memcpy(lm_key, base->LMSessKey.key, 8);
}
}
return status;
}