diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-09 12:38:23 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:39:35 -0500 |
commit | 8aff6e005e36c21ebc9dd5a0dcd41f1c0d5c9c2f (patch) | |
tree | f23938d26fde102800a560eecebf6f3c870aa524 | |
parent | bc42531213f9223a823d303cf307dfce3e8e99f1 (diff) | |
download | samba-8aff6e005e36c21ebc9dd5a0dcd41f1c0d5c9c2f.tar.gz samba-8aff6e005e36c21ebc9dd5a0dcd41f1c0d5c9c2f.tar.bz2 samba-8aff6e005e36c21ebc9dd5a0dcd41f1c0d5c9c2f.zip |
r10845: Add new function to decrypt the session keys in samlogon responses.
Andrew Bartlett
(This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
-rw-r--r-- | source4/libcli/auth/credentials.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c index bcb462ae9d..7cfccf446c 100644 --- a/source4/libcli/auth/credentials.c +++ b/source4/libcli/auth/credentials.c @@ -315,3 +315,47 @@ NTSTATUS creds_server_step_check(struct creds_CredentialState *creds, return NT_STATUS_ACCESS_DENIED; } } + +void creds_decrypt_samlogon(struct creds_CredentialState *creds, + uint16_t validation_level, + union netr_Validation *validation) +{ + static const char zeros[16]; + + struct netr_SamBaseInfo *base; + switch (validation_level) { + case 2: + base = &validation->sam2->base; + break; + case 3: + base = &validation->sam3->base; + break; + case 6: + base = &validation->sam6->base; + break; + } + /* find and decyrpt the session keys, return in parameters above */ + if (validation_level == 6) { + /* they aren't encrypted! */ + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + if (memcmp(base->key.key, zeros, + sizeof(base->key.key)) != 0) { + creds_arcfour_crypt(creds, + base->key.key, + sizeof(base->key.key)); + } + + if (memcmp(base->LMSessKey.key, zeros, + sizeof(base->LMSessKey.key)) != 0) { + creds_arcfour_crypt(creds, + base->LMSessKey.key, + sizeof(base->LMSessKey.key)); + } + } else { + if (memcmp(base->LMSessKey.key, zeros, + sizeof(base->LMSessKey.key)) != 0) { + creds_des_decrypt_LMKey(creds, + &base->LMSessKey); + } + } +} |