authorGünther Deschner <gd@samba.org>2012-12-06 15:21:02 +0100
committerStefan Metzmacher <metze@samba.org>2012-12-09 19:39:08 +0100
commitf2d9589b178c0e3374e1c1ad363639b9e2bdce5f (patch)
tree7d162afe91c66b1ed035c2ba9b6d09c4bfb880d1
parentc1fb595081c2b0bf66bce06c09750f53e8031311 (diff)
s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source3/auth/check_samsec.c2
-rw-r--r--source3/auth/proto.h6
-rw-r--r--source3/auth/server_info.c22
-rw-r--r--source3/rpc_server/netlogon/srv_netlog_nt.c32
-rw-r--r--source3/torture/pdbtest.c2
5 files changed, 30 insertions, 34 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 2d3cb65785..7ed8cc2341 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -537,7 +537,7 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
goto done;
}
- status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+ status = serverinfo_to_SamInfo3(server_info, info3);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
nt_errstr(status)));
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 6c9967227e..76661fc833 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -276,16 +276,10 @@ struct netr_SamInfo6;
struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx);
NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
struct netr_SamInfo2 *sam2);
NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
struct netr_SamInfo3 *sam3);
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
struct netr_SamInfo6 *sam6);
NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
struct samu *samu,
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 02bf689b2c..3f4f7081b8 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -59,8 +59,6 @@ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
*****************************************************************************/
NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
struct netr_SamInfo2 *sam2)
{
struct netr_SamInfo3 *info3;
@@ -75,20 +73,12 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
server_info->session_key.data,
MIN(sizeof(info3->base.key.key),
server_info->session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.key.key,
- pipe_session_key, 16);
- }
}
if (server_info->lm_session_key.length) {
memcpy(info3->base.LMSessKey.key,
server_info->lm_session_key.data,
MIN(sizeof(info3->base.LMSessKey.key),
server_info->lm_session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.LMSessKey.key,
- pipe_session_key, 8);
- }
}
sam2->base = info3->base;
@@ -102,8 +92,6 @@ NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
*****************************************************************************/
NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
struct netr_SamInfo3 *sam3)
{
struct netr_SamInfo3 *info3;
@@ -118,20 +106,12 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
server_info->session_key.data,
MIN(sizeof(info3->base.key.key),
server_info->session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.key.key,
- pipe_session_key, 16);
- }
}
if (server_info->lm_session_key.length) {
memcpy(info3->base.LMSessKey.key,
server_info->lm_session_key.data,
MIN(sizeof(info3->base.LMSessKey.key),
server_info->lm_session_key.length));
- if (pipe_session_key) {
- arcfour_crypt(info3->base.LMSessKey.key,
- pipe_session_key, 8);
- }
}
sam3->base = info3->base;
@@ -148,8 +128,6 @@ NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_in
*****************************************************************************/
NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
struct netr_SamInfo6 *sam6)
{
struct pdb_domain_info *dominfo;
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 4be2355bb8..9b506552fb 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1466,6 +1466,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
struct auth_serversupplied_info *server_info = NULL;
struct auth_context *auth_context = NULL;
const char *fn;
+ struct netr_SamBaseInfo *base;
switch (p->opnum) {
case NDR_NETR_LOGONSAMLOGON:
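Review bot: `base` is declared without an initializer here, and the later hunk in this function assigns it only in `case 2`, `case 3` and `case 6` of a `switch (r->in.validation_level)` that has no `default:`. If any other level can reach that switch, `base->key.key` is dereferenced through an indeterminate pointer; whether an earlier check rules that out cannot be seen, because most of the function body lies outside both hunks. I would declare it as `struct netr_SamBaseInfo *base = NULL;` and add `default: status = NT_STATUS_INVALID_INFO_CLASS; break;` to the switch, so the new early return on `!NT_STATUS_IS_OK(status)` covers that path.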
@@ -1690,22 +1691,45 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
switch (r->in.validation_level) {
case 2:
- status = serverinfo_to_SamInfo2(server_info, creds->session_key, 16,
+ status = serverinfo_to_SamInfo2(server_info,
r->out.validation->sam2);
+ base = &r->out.validation->sam2->base;
break;
case 3:
- status = serverinfo_to_SamInfo3(server_info, creds->session_key, 16,
+ status = serverinfo_to_SamInfo3(server_info,
r->out.validation->sam3);
+ base = &r->out.validation->sam3->base;
break;
case 6:
- status = serverinfo_to_SamInfo6(server_info, creds->session_key, 16,
+ status = serverinfo_to_SamInfo6(server_info,
r->out.validation->sam6);
+ base = &r->out.validation->sam6->base;
break;
}
TALLOC_FREE(server_info);
- return status;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (r->in.validation_level == 6) {
+ /* no further crypto to be applied - gd */
+ return NT_STATUS_OK;
+ }
+
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_encrypt(creds, base->key.key, 16);
+ netlogon_creds_aes_encrypt(creds, base->LMSessKey.key, 8);
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(creds, base->key.key, 16);
+ netlogon_creds_arcfour_crypt(creds, base->LMSessKey.key, 8);
+ } else {
+ /* key is unencrypted when neither AES nor RC4 bits are set */
+ netlogon_creds_des_encrypt_LMKey(creds, &base->LMSessKey);
+ }
+
+ return NT_STATUS_OK;
}
/****************************************************************
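Review bot: In the final `else` branch only `base->LMSessKey` goes through `netlogon_creds_des_encrypt_LMKey()`, so `base->key.key` is returned as copied from `server_info` whenever the client negotiated neither `NETLOGON_NEG_SUPPORTS_AES` nor `NETLOGON_NEG_ARCFOUR`; the same holds for every level 6 reply, which returns before any encryption. The removed calls passed `creds->session_key` for levels 2 and 3 apparently regardless of the negotiated flags, so this looks like a behaviour change for such clients. If the protocol requires it, the two comments should say so explicitly, and a log line on the fallback path such as `DEBUG(3, ("samlogon: session key returned without AES/RC4 protection\n"));` would make the weak negotiation visible to operators. The literal lengths 16 and 8 would also be safer as `sizeof(base->key.key)` and `sizeof(base->LMSessKey.key)`.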
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index d0d529e922..17da455256 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
@@ -316,7 +316,7 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
return False;
}
- status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3_auth);
+ status = serverinfo_to_SamInfo3(server_info, info3_auth);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n",
nt_errstr(status)));