mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher 2013-04-25 17:01:00 +02:00 committed by Andreas Schneider
parent 291f6a1e03
commit c7319fce60
2 changed files with 124 additions and 0 deletions


@ -601,6 +601,124 @@ void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_Credential
validation, true);
}
static void netlogon_creds_crypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level,
union netr_LogonLevel *logon,
bool encrypt)
{
static const char zeros[16];
if (logon == NULL) {
return;
}
switch (level) {
case NetlogonInteractiveInformation:
case NetlogonInteractiveTransitiveInformation:
case NetlogonServiceInformation:
case NetlogonServiceTransitiveInformation:
if (logon->password == NULL) {
return;
}
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
uint8_t *h;
h = logon->password->lmpassword.hash;
if (memcmp(h, zeros, 16) != 0) {
if (encrypt) {
netlogon_creds_aes_encrypt(creds, h, 16);
} else {
netlogon_creds_aes_decrypt(creds, h, 16);
}
}
h = logon->password->ntpassword.hash;
if (memcmp(h, zeros, 16) != 0) {
if (encrypt) {
netlogon_creds_aes_encrypt(creds, h, 16);
} else {
netlogon_creds_aes_decrypt(creds, h, 16);
}
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
uint8_t *h;
h = logon->password->lmpassword.hash;
if (memcmp(h, zeros, 16) != 0) {
netlogon_creds_arcfour_crypt(creds, h, 16);
}
h = logon->password->ntpassword.hash;
if (memcmp(h, zeros, 16) != 0) {
netlogon_creds_arcfour_crypt(creds, h, 16);
}
} else {
struct samr_Password *p;
p = &logon->password->lmpassword;
if (memcmp(p->hash, zeros, 16) != 0) {
if (encrypt) {
netlogon_creds_des_encrypt(creds, p);
} else {
netlogon_creds_des_decrypt(creds, p);
}
}
p = &logon->password->ntpassword;
if (memcmp(p->hash, zeros, 16) != 0) {
if (encrypt) {
netlogon_creds_des_encrypt(creds, p);
} else {
netlogon_creds_des_decrypt(creds, p);
}
}
}
break;
case NetlogonNetworkInformation:
case NetlogonNetworkTransitiveInformation:
break;
case NetlogonGenericInformation:
if (logon->generic == NULL) {
return;
}
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
if (encrypt) {
netlogon_creds_aes_encrypt(creds,
logon->generic->data,
logon->generic->length);
} else {
netlogon_creds_aes_decrypt(creds,
logon->generic->data,
logon->generic->length);
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
netlogon_creds_arcfour_crypt(creds,
logon->generic->data,
logon->generic->length);
} else {
/* Using DES to verify kerberos tickets makes no sense */
}
break;
}
}
void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level,
union netr_LogonLevel *logon)
{
netlogon_creds_crypt_samlogon_logon(creds, level, logon, false);
}
void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level,
union netr_LogonLevel *logon)
{
netlogon_creds_crypt_samlogon_logon(creds, level, logon, true);
}
/*
copy a netlogon_creds_CredentialState struct
*/
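Review bot: In the `NetlogonGenericInformation` case, the final `else` branch (neither `NETLOGON_NEG_SUPPORTS_AES` nor `NETLOGON_NEG_ARCFOUR` negotiated) does nothing, and because the static helper and both public wrappers return `void`, a caller cannot tell that `logon->generic->data` was left untouched. On the encrypt path the generic payload would then be handed on without the session-key protection the other branches apply, and on the decrypt path the caller continues with a buffer that was never transformed; whether callers reject this flag combination earlier is not visible in this hunk. Consider having the helper return a status and fail that branch, e.g. `return NT_STATUS_INVALID_PARAMETER;`, or at minimum extend the comment to say that the buffer is deliberately left unmodified. The `switch` also has no `default:`, so an unrecognised `level` is silently skipped in the same way.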


@ -64,6 +64,12 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
void netlogon_creds_decrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level,
union netr_LogonLevel *logon);
void netlogon_creds_encrypt_samlogon_logon(struct netlogon_creds_CredentialState *creds,
enum netr_LogonInfoClass level,
union netr_LogonLevel *logon);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */