author | Günther Deschner <gd@samba.org> | 2012-12-06 15:21:02 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-12-09 19:39:08 +0100 |
commit | f2d9589b178c0e3374e1c1ad363639b9e2bdce5f (patch) | |
tree | 7d162afe91c66b1ed035c2ba9b6d09c4bfb880d1 | |
parent | c1fb595081c2b0bf66bce06c09750f53e8031311 (diff) | |
s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
All crypto is dealt with within the netlogon samlogon server now.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r-- | source3/auth/check_samsec.c | 2 | ||||
-rw-r--r-- | source3/auth/proto.h | 6 | ||||
-rw-r--r-- | source3/auth/server_info.c | 22 | ||||
-rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 32 | ||||
-rw-r--r-- | source3/torture/pdbtest.c | 2 |
5 files changed, 30 insertions, 34 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 2d3cb65785..7ed8cc2341 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -537,7 +537,7 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
 goto done;
 }
- status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+ status = serverinfo_to_SamInfo3(server_info, info3);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
 nt_errstr(status)));
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 6c9967227e..76661fc833 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -276,16 +276,10 @@ struct netr_SamInfo6;
 struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
 struct netr_SamInfo2 *sam2);
 NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
 struct netr_SamInfo3 *sam3);
 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
 struct netr_SamInfo6 *sam6);
 NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 struct samu *samu,
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 02bf689b2c..3f4f7081b8 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -59,8 +59,6 @@ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
 *****************************************************************************/
 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
 struct netr_SamInfo2 *sam2)
 {
 struct netr_SamInfo3 *info3;
@@ -75,20 +73,12 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
 server_info->session_key.data,
 MIN(sizeof(info3->base.key.key),
 server_info->session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.key.key,
- pipe_session_key, 16);
- }
 }
 if (server_info->lm_session_key.length) {
 memcpy(info3->base.LMSessKey.key,
 server_info->lm_session_key.data,
 MIN(sizeof(info3->base.LMSessKey.key),
 server_info->lm_session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.LMSessKey.key,
- pipe_session_key, 8);
- }
 }
 sam2->base = info3->base;
@@ -102,8 +92,6 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
 *****************************************************************************/
 NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
 struct netr_SamInfo3 *sam3)
 {
 struct netr_SamInfo3 *info3;
@@ -118,20 +106,12 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
 server_info->session_key.data,
 MIN(sizeof(info3->base.key.key),
 server_info->session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.key.key,
- pipe_session_key, 16);
- }
 }
 if (server_info->lm_session_key.length) {
 memcpy(info3->base.LMSessKey.key,
 server_info->lm_session_key.data,
 MIN(sizeof(info3->base.LMSessKey.key),
 server_info->lm_session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.LMSessKey.key,
- pipe_session_key, 8);
- }
 }
 sam3->base = info3->base;
@@ -148,8 +128,6 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
 *****************************************************************************/
 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
 struct netr_SamInfo6 *sam6)
 {
 struct pdb_domain_info *dominfo;
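Review bot: With the `arcfour_crypt` calls removed in this hunk and in the matching `serverinfo_to_SamInfo3` hunk (@@ -118,20), `base.key` and `base.LMSessKey` leave these helpers as plain copies of `server_info->session_key` and `server_info->lm_session_key`, and nothing at the function level records that contract. The header comment above each function should say so, for example `The session keys in the returned base info are unencrypted; the caller must encrypt them before they are sent to a client.` Only the closing line of those header comments is visible in the hunks, so the sentence may need merging with the existing text. Both function bodies start and end outside the hunks.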
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 4be2355bb8..9b506552fb 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1466,6 +1466,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 struct auth_serversupplied_info *server_info = NULL;
 struct auth_context *auth_context = NULL;
 const char *fn;
+ struct netr_SamBaseInfo *base;
 switch (p->opnum) {
 case NDR_NETR_LOGONSAMLOGON:
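Review bot: `base` is added without an initializer, and the `switch (r->in.validation_level)` in the second hunk of this file assigns it only in cases 2, 3 and 6, with no `default`. If any other level could reach that switch, the new encryption code would dereference an indeterminate pointer and `status` would keep its earlier value; whether an earlier check in `_netr_LogonSamLogon_base` rejects other levels is outside the visible hunks. Declaring `struct netr_SamBaseInfo *base = NULL;` and adding `default: status = NT_STATUS_INVALID_INFO_CLASS; break;` to that switch would make the invariant local to the code that depends on it. The function body starts and ends outside this hunk.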
@@ -1690,22 +1691,45 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 switch (r->in.validation_level) {
 case 2:
- status = serverinfo_to_SamInfo2(server_info, creds->session_key, 16,
+ status = serverinfo_to_SamInfo2(server_info,
 r->out.validation->sam2);
+ base = &r->out.validation->sam2->base;
 break;
 case 3:
- status = serverinfo_to_SamInfo3(server_info, creds->session_key, 16,
+ status = serverinfo_to_SamInfo3(server_info,
 r->out.validation->sam3);
+ base = &r->out.validation->sam3->base;
 break;
 case 6:
- status = serverinfo_to_SamInfo6(server_info, creds->session_key, 16,
+ status = serverinfo_to_SamInfo6(server_info,
 r->out.validation->sam6);
+ base = &r->out.validation->sam6->base;
 break;
 }
 TALLOC_FREE(server_info);
- return status;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (r->in.validation_level == 6) {
+ /* no further crypto to be applied - gd */
+ return NT_STATUS_OK;
+ }
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_encrypt(creds, base->key.key, 16);
+ netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, 8);
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+ netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+ } else {
+ /* key is unencrypted when neither AES nor RC4 bits are set */
+ netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey);
+ }
+
+ return NT_STATUS_OK;
 }
 /****************************************************************
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index d0d529e922..17da455256 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
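Review bot: In `_netr_LogonSamLogon_base` (srv_netlog_nt.c), validation level 6 now returns before any of the `netlogon_creds_*` calls, so `sam6->base.key` and `sam6->base.LMSessKey` go into the reply exactly as `serverinfo_to_SamInfo6` filled them, and the comment `/* no further crypto to be applied - gd */` does not say why that is acceptable. The removed call passed `creds->session_key` to that helper, but its body is outside the hunks, so it is not visible whether level 6 keys were encrypted before this change. If the reasoning is that level 6 replies are only sent over a channel that is already encrypted, the comment should state that and the function should check it rather than assume it. The literal lengths `16` and `8` would also be safer as `sizeof(base->key.key)` and `sizeof(base->LMSessKey.key)`, matching the `MIN(sizeof(...))` bounds used in server_info.c.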
@@ -316,7 +316,7 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
 return False;
 }
- status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3_auth);
+ status = serverinfo_to_SamInfo3(server_info, info3_auth);
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
 nt_errstr(status))); |