authorAndrew Bartlett <abartlet@samba.org>2005-10-09 12:38:23 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:35 -0500
commit8aff6e005e36c21ebc9dd5a0dcd41f1c0d5c9c2f (patch)
treef23938d26fde102800a560eecebf6f3c870aa524
parentbc42531213f9223a823d303cf307dfce3e8e99f1 (diff)
r10845: Add new function to decrypt the session keys in samlogon responses.
Andrew Bartlett (This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
-rw-r--r--source4/libcli/auth/credentials.c44
1 files changed, 44 insertions, 0 deletions
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index bcb462ae9d..7cfccf446c 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -315,3 +315,47 @@ NTSTATUS creds_server_step_check(struct creds_CredentialState *creds,
return NT_STATUS_ACCESS_DENIED;
}
}
+
+void creds_decrypt_samlogon(struct creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation)
+{
+ static const char zeros[16];
+
+ struct netr_SamBaseInfo *base;
+ switch (validation_level) {
+ case 2:
+ base = &validation->sam2->base;
+ break;
+ case 3:
+ base = &validation->sam3->base;
+ break;
+ case 6:
+ base = &validation->sam6->base;
+ break;
+ }
+ /* find and decyrpt the session keys, return in parameters above */
+ if (validation_level == 6) {
+ /* they aren't encrypted! */
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ if (memcmp(base->key.key, zeros,
+ sizeof(base->key.key)) != 0) {
+ creds_arcfour_crypt(creds,
+ base->key.key,
+ sizeof(base->key.key));
+ }
+
+ if (memcmp(base->LMSessKey.key, zeros,
+ sizeof(base->LMSessKey.key)) != 0) {
+ creds_arcfour_crypt(creds,
+ base->LMSessKey.key,
+ sizeof(base->LMSessKey.key));
+ }
+ } else {
+ if (memcmp(base->LMSessKey.key, zeros,
+ sizeof(base->LMSessKey.key)) != 0) {
+ creds_des_decrypt_LMKey(creds,
+ &base->LMSessKey);
+ }
+ }
+}
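Review bot: `base` stays uninitialized when `validation_level` is anything other than 2, 3 or 6, because the `switch` at the top of `creds_decrypt_samlogon` has no `default`, and the ARCFOUR and DES branches below then read and decrypt through `base->key.key` and `base->LMSessKey.key`. The level presumably arrives with the samlogon reply, so the function should fail closed with `default: return;` (or report an error status, if the `void` signature can change) before any key buffer is touched. The `validation->sam2`, `sam3` and `sam6` pointers are also used without a NULL check; whether callers guarantee them is not visible in this hunk, so a per-case guard such as `if (validation->sam2 == NULL) return;` is worth considering. The comment `return in parameters above` would be more accurate as `/* decrypt the session keys in place inside *validation */`, and `decyrpt` is a typo.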