summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2012-12-07 12:38:16 +0100
committerStefan Metzmacher <metze@samba.org>2012-12-09 19:39:08 +0100
commitf6cb8049b2fe62054d254a006b8a39f000d1d1d5 (patch)
treec5b87795f026ca158a53bd99926a0efa15e04517
parentbe296a21fc509cacaedb5aad0c3ca4ccd44b4a62 (diff)
downloadsamba-f6cb8049b2fe62054d254a006b8a39f000d1d1d5.tar.gz
samba-f6cb8049b2fe62054d254a006b8a39f000d1d1d5.tar.bz2
samba-f6cb8049b2fe62054d254a006b8a39f000d1d1d5.zip
libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--libcli/auth/credentials.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index 77df7f765a..63407e7988 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -520,6 +520,20 @@ void netlogon_creds_decrypt_samlogon(struct netlogon_creds_CredentialState *cred
/* find and decyrpt the session keys, return in parameters above */
if (validation_level == 6) {
/* they aren't encrypted! */
+ } else if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ if (memcmp(base->key.key, zeros,
+ sizeof(base->key.key)) != 0) {
+ netlogon_creds_aes_decrypt(creds,
+ base->key.key,
+ sizeof(base->key.key));
+ }
+
+ if (memcmp(base->LMSessKey.key, zeros,
+ sizeof(base->LMSessKey.key)) != 0) {
+ netlogon_creds_aes_decrypt(creds,
+ base->LMSessKey.key,
+ sizeof(base->LMSessKey.key));
+ }
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {