mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00

s3-rpc_server: support AES for interactive netlogon samlogon password decryption.

Still need to fix AES support for the returned validation info.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner 2012-12-05 19:49:52 +01:00 committed by Stefan Metzmacher
parent 71572632bd
commit 645289216e
3 changed files with 36 additions and 37 deletions


@ -207,16 +207,12 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
const uchar nt_interactive_pwd[16],
const uchar *dc_sess_key)
const uchar nt_interactive_pwd[16])
{
struct samr_Password lm_pwd;
struct samr_Password nt_pwd;
unsigned char local_lm_response[24];
unsigned char local_nt_response[24];
unsigned char key[16];
memcpy(key, dc_sess_key, 16);
if (lm_interactive_pwd)
memcpy(lm_pwd.hash, lm_interactive_pwd, sizeof(lm_pwd.hash));
@ -224,31 +220,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
if (nt_interactive_pwd)
memcpy(nt_pwd.hash, nt_interactive_pwd, sizeof(nt_pwd.hash));
#ifdef DEBUG_PASSWORD
DEBUG(100,("key:"));
dump_data(100, key, sizeof(key));
DEBUG(100,("lm owf password:"));
dump_data(100, lm_pwd.hash, sizeof(lm_pwd.hash));
DEBUG(100,("nt owf password:"));
dump_data(100, nt_pwd.hash, sizeof(nt_pwd.hash));
#endif
if (lm_interactive_pwd)
arcfour_crypt(lm_pwd.hash, key, sizeof(lm_pwd.hash));
if (nt_interactive_pwd)
arcfour_crypt(nt_pwd.hash, key, sizeof(nt_pwd.hash));
#ifdef DEBUG_PASSWORD
DEBUG(100,("decrypt of lm owf password:"));
dump_data(100, lm_pwd.hash, sizeof(lm_pwd));
DEBUG(100,("decrypt of nt owf password:"));
dump_data(100, nt_pwd.hash, sizeof(nt_pwd));
#endif
if (lm_interactive_pwd)
SMBOWFencrypt(lm_pwd.hash, chal,
local_lm_response);
@ -257,9 +228,6 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
SMBOWFencrypt(nt_pwd.hash, chal,
local_nt_response);
/* Password info paranoia */
ZERO_STRUCT(key);
{
bool ret;
NTSTATUS nt_status;
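Review bot: With the dc_sess_key parameter gone, make_user_info_netlogon_interactive now treats lm_interactive_pwd and nt_interactive_pwd as already-decrypted OWF hashes, but nothing in the visible definition says so. A future caller that passes the wire-encrypted blobs would still compile and would silently compute wrong challenge responses. I would add a comment above the definition such as `/* lm_interactive_pwd and nt_interactive_pwd must already be decrypted by the caller (AES, ARCFOUR or DES per the negotiated netlogon flags) */`. Separately, lm_pwd and nt_pwd still hold cleartext hashes on the stack; whether they are cleared before return cannot be seen here, because the function body continues outside these hunks.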


@ -174,8 +174,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
const uchar nt_interactive_pwd[16],
const uchar *dc_sess_key);
const uchar nt_interactive_pwd[16]);
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,


@ -1596,6 +1596,39 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
{
uint8_t chal[8];
#ifdef DEBUG_PASSWORD
DEBUG(100,("lm owf password:"));
dump_data(100, logon->password->lmpassword.hash, 16);
DEBUG(100,("nt owf password:"));
dump_data(100, logon->password->ntpassword.hash, 16);
#endif
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
netlogon_creds_aes_decrypt(creds,
logon->password->lmpassword.hash,
16);
netlogon_creds_aes_decrypt(creds,
logon->password->ntpassword.hash,
16);
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
netlogon_creds_arcfour_crypt(creds,
logon->password->lmpassword.hash,
16);
netlogon_creds_arcfour_crypt(creds,
logon->password->ntpassword.hash,
16);
} else {
netlogon_creds_des_decrypt(creds, &logon->password->lmpassword);
netlogon_creds_des_decrypt(creds, &logon->password->ntpassword);
}
#ifdef DEBUG_PASSWORD
DEBUG(100,("decrypt of lm owf password:"));
dump_data(100, logon->password->lmpassword.hash, 16);
DEBUG(100,("decrypt of nt owf password:"));
dump_data(100, logon->password->ntpassword.hash, 16);
#endif
status = make_auth_context_subsystem(talloc_tos(),
&auth_context);
if (!NT_STATUS_IS_OK(status)) {
@ -1611,8 +1644,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
logon->password->identity_info.parameter_control,
chal,
logon->password->lmpassword.hash,
logon->password->ntpassword.hash,
creds->session_key)) {
logon->password->ntpassword.hash)) {
status = NT_STATUS_NO_MEMORY;
}
break;
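Review bot: The decryption now runs in place on logon->password->lmpassword.hash and ntpassword.hash, so the cleartext OWF hashes stay in the request structure after make_user_info_netlogon_interactive returns, whereas the removed auth_util.c code decrypted local copies. Consider clearing both fields once the user info has been built, e.g. `ZERO_STRUCT(logon->password->lmpassword);` and `ZERO_STRUCT(logon->password->ntpassword);`, unless a later consumer outside this hunk still needs them. The literal `16` would be safer written as `sizeof(logon->password->lmpassword.hash)`, matching the sizeof(lm_pwd.hash) style the old code used. The final `else` selects DES whenever neither NETLOGON_NEG_SUPPORTS_AES nor NETLOGON_NEG_ARCFOUR is set; if that fallback is intended it deserves a one-line comment, and if the decrypt helpers can report failure their result should be checked. The enclosing switch case starts and ends outside the hunk.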