mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
parent
c1fb595081
commit
f2d9589b17
@ -537,7 +537,7 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
|
status = serverinfo_to_SamInfo3(server_info, info3);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
|
DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
|
||||||
nt_errstr(status)));
|
nt_errstr(status)));
|
||||||
|
@ -276,16 +276,10 @@ struct netr_SamInfo6;
|
|||||||
|
|
||||||
struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
|
struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
|
||||||
NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
|
NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
|
||||||
uint8_t *pipe_session_key,
|
|
||||||
size_t pipe_session_key_len,
|
|
||||||
struct netr_SamInfo2 *sam2);
|
struct netr_SamInfo2 *sam2);
|
||||||
NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
|
NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
|
||||||
uint8_t *pipe_session_key,
|
|
||||||
size_t pipe_session_key_len,
|
|
||||||
struct netr_SamInfo3 *sam3);
|
struct netr_SamInfo3 *sam3);
|
||||||
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
|
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
|
||||||
uint8_t *pipe_session_key,
|
|
||||||
size_t pipe_session_key_len,
|
|
||||||
struct netr_SamInfo6 *sam6);
|
struct netr_SamInfo6 *sam6);
|
||||||
NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
|
NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
|
||||||
struct samu *samu,
|
struct samu *samu,
|
||||||
|
@ -59,8 +59,6 @@ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
|
|||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
|
NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
|
||||||
uint8_t *pipe_session_key,
|
|
||||||
size_t pipe_session_key_len,
|
|
||||||
struct netr_SamInfo2 *sam2)
|
struct netr_SamInfo2 *sam2)
|
||||||
{
|
{
|
||||||
struct netr_SamInfo3 *info3;
|
struct netr_SamInfo3 *info3;
|
||||||
@ -75,20 +73,12 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
|
|||||||
server_info->session_key.data,
|
server_info->session_key.data,
|
||||||
MIN(sizeof(info3->base.key.key),
|
MIN(sizeof(info3->base.key.key),
|
||||||
server_info->session_key.length));
|
server_info->session_key.length));
|
||||||
if (pipe_session_key) {
|
|
||||||
arcfour_crypt(info3->base.key.key,
|
|
||||||
pipe_session_key, 16);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (server_info->lm_session_key.length) {
|
if (server_info->lm_session_key.length) {
|
||||||
memcpy(info3->base.LMSessKey.key,
|
memcpy(info3->base.LMSessKey.key,
|
||||||
server_info->lm_session_key.data,
|
server_info->lm_session_key.data,
|
||||||
MIN(sizeof(info3->base.LMSessKey.key),
|
MIN(sizeof(info3->base.LMSessKey.key),
|
||||||
server_info->lm_session_key.length));
|
server_info->lm_session_key.length));
|
||||||
if (pipe_session_key) {
|
|
||||||
arcfour_crypt(info3->base.LMSessKey.key,
|
|
||||||
pipe_session_key, 8);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sam2->base = info3->base;
|
sam2->base = info3->base;
|
||||||
@ -102,8 +92,6 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
|
|||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
|
NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
|
||||||
uint8_t *pipe_session_key,
|
|
||||||
size_t pipe_session_key_len,
|
|
||||||
struct netr_SamInfo3 *sam3)
|
struct netr_SamInfo3 *sam3)
|
||||||
{
|
{
|
||||||
struct netr_SamInfo3 *info3;
|
struct netr_SamInfo3 *info3;
|
||||||
@ -118,20 +106,12 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
|
|||||||
server_info->session_key.data,
|
server_info->session_key.data,
|
||||||
MIN(sizeof(info3->base.key.key),
|
MIN(sizeof(info3->base.key.key),
|
||||||
server_info->session_key.length));
|
server_info->session_key.length));
|
||||||
if (pipe_session_key) {
|
|
||||||
arcfour_crypt(info3->base.key.key,
|
|
||||||
pipe_session_key, 16);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if (server_info->lm_session_key.length) {
|
if (server_info->lm_session_key.length) {
|
||||||
memcpy(info3->base.LMSessKey.key,
|
memcpy(info3->base.LMSessKey.key,
|
||||||
server_info->lm_session_key.data,
|
server_info->lm_session_key.data,
|
||||||
MIN(sizeof(info3->base.LMSessKey.key),
|
MIN(sizeof(info3->base.LMSessKey.key),
|
||||||
server_info->lm_session_key.length));
|
server_info->lm_session_key.length));
|
||||||
if (pipe_session_key) {
|
|
||||||
arcfour_crypt(info3->base.LMSessKey.key,
|
|
||||||
pipe_session_key, 8);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sam3->base = info3->base;
|
sam3->base = info3->base;
|
||||||
@ -148,8 +128,6 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
|
|||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
|
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
|
||||||
uint8_t *pipe_session_key,
|
|
||||||
size_t pipe_session_key_len,
|
|
||||||
struct netr_SamInfo6 *sam6)
|
struct netr_SamInfo6 *sam6)
|
||||||
{
|
{
|
||||||
struct pdb_domain_info *dominfo;
|
struct pdb_domain_info *dominfo;
|
||||||
|
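Review bot: With the `arcfour_crypt` calls removed, `serverinfo_to_SamInfo2` and `serverinfo_to_SamInfo3` return `base.key.key` and `base.LMSessKey.key` exactly as copied from `server_info`, and the banner comments above them, as far as they are visible here, do not say so. I would add a line to each banner such as `/* The session keys in the returned base info are NOT encrypted; a caller that puts them on the wire must encrypt them itself. */`. `serverinfo_to_SamInfo6` presumably needs the same note, but only its signature is inside the hunk. The function bodies and the banners start outside these hunks, so the existing comment text could not be checked.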
@ -1466,6 +1466,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
|
|||||||
struct auth_serversupplied_info *server_info = NULL;
|
struct auth_serversupplied_info *server_info = NULL;
|
||||||
struct auth_context *auth_context = NULL;
|
struct auth_context *auth_context = NULL;
|
||||||
const char *fn;
|
const char *fn;
|
||||||
|
struct netr_SamBaseInfo *base;
|
||||||
|
|
||||||
switch (p->opnum) {
|
switch (p->opnum) {
|
||||||
case NDR_NETR_LOGONSAMLOGON:
|
case NDR_NETR_LOGONSAMLOGON:
|
||||||
@ -1690,22 +1691,45 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
|
|||||||
|
|
||||||
switch (r->in.validation_level) {
|
switch (r->in.validation_level) {
|
||||||
case 2:
|
case 2:
|
||||||
status = serverinfo_to_SamInfo2(server_info, creds->session_key, 16,
|
status = serverinfo_to_SamInfo2(server_info,
|
||||||
r->out.validation->sam2);
|
r->out.validation->sam2);
|
||||||
|
base = &r->out.validation->sam2->base;
|
||||||
break;
|
break;
|
||||||
case 3:
|
case 3:
|
||||||
status = serverinfo_to_SamInfo3(server_info, creds->session_key, 16,
|
status = serverinfo_to_SamInfo3(server_info,
|
||||||
r->out.validation->sam3);
|
r->out.validation->sam3);
|
||||||
|
base = &r->out.validation->sam3->base;
|
||||||
break;
|
break;
|
||||||
case 6:
|
case 6:
|
||||||
status = serverinfo_to_SamInfo6(server_info, creds->session_key, 16,
|
status = serverinfo_to_SamInfo6(server_info,
|
||||||
r->out.validation->sam6);
|
r->out.validation->sam6);
|
||||||
|
base = &r->out.validation->sam6->base;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
TALLOC_FREE(server_info);
|
TALLOC_FREE(server_info);
|
||||||
|
|
||||||
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
return status;
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (r->in.validation_level == 6) {
|
||||||
|
/* no further crypto to be applied - gd */
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
|
||||||
|
netlogon_creds_aes_encrypt(creds, base->key.key, 16);
|
||||||
|
netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, 8);
|
||||||
|
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
|
||||||
|
netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
|
||||||
|
netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
|
||||||
|
} else {
|
||||||
|
/* key is unencrypted when neither AES nor RC4 bits are set */
|
||||||
|
netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
/****************************************************************
|
/****************************************************************
|
||||||
|
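Review bot: The crypt branches added at the end of `_netr_LogonSamLogon_base` run on `base->key.key` and `base->LMSessKey.key` unconditionally, whereas the code this commit removes only encrypted a key inside the block that had just copied it (for example under `if (server_info->lm_session_key.length)`). If a key was never filled in and its buffer is still zero, which cannot be confirmed from this hunk, encrypting it with RC4 would send keystream derived from the netlogon session key to the client. Recording whether each key is present before `TALLOC_FREE(server_info)` and skipping the crypt call otherwise restores the old behaviour; the two flags would be declared next to `base`. Separately, `base` has no initialiser and the switch has no `default`, so `base = NULL` plus a check would be safer unless `validation_level` is validated earlier in the function, which lies outside the hunk.

```c
	/* ... unchanged: switch on r->in.validation_level that sets base ... */

	/* note which keys were copied, before server_info is freed */
	have_user_key = (server_info->session_key.length != 0);
	have_lm_key = (server_info->lm_session_key.length != 0);

	TALLOC_FREE(server_info);

	/* ... unchanged: status check and level 6 early return ... */

	if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
		if (have_user_key) {
			netlogon_creds_aes_encrypt(creds, base->key.key, 16);
		}
		if (have_lm_key) {
			netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, 8);
		}
	} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
		if (have_user_key) {
			netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
		}
		if (have_lm_key) {
			netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
		}
	} else if (have_lm_key) {
		/* only the LM key is DES-encrypted here; the user session key stays in clear */
		netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey);
	}
```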
@ -316,7 +316,7 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
|
|||||||
return False;
|
return False;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3_auth);
|
status = serverinfo_to_SamInfo3(server_info, info3_auth);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (!NT_STATUS_IS_OK(status)) {
|
||||||
DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
|
DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
|
||||||
nt_errstr(status)));
|
nt_errstr(status)));
|
||||||
|