summaryrefslogtreecommitdiff
path: root/source3/rpc_server/netlogon
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2012-12-05 19:49:52 +0100
committerStefan Metzmacher <metze@samba.org>2012-12-09 19:39:08 +0100
commit645289216eeb718eab1201dd3ad0a50fdf85753c (patch)
treea55f5da7017db41cfe42b9c48069b45aaf07cde3 /source3/rpc_server/netlogon
parent71572632bd33dcb5c03a701bbb72a707e5642237 (diff)
downloadsamba-645289216eeb718eab1201dd3ad0a50fdf85753c.tar.gz
samba-645289216eeb718eab1201dd3ad0a50fdf85753c.tar.bz2
samba-645289216eeb718eab1201dd3ad0a50fdf85753c.zip
s3-rpc_server: support AES for interactive netlogon samlogon password decryption.
Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/rpc_server/netlogon')
-rw-r--r--source3/rpc_server/netlogon/srv_netlog_nt.c36
1 files changed, 34 insertions, 2 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 16542f8306..cb932b473a 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1596,6 +1596,39 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
{
uint8_t chal[8];
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("lm owf password:"));
+ dump_data(100, logon->password->lmpassword.hash, 16);
+
+ DEBUG(100,("nt owf password:"));
+ dump_data(100, logon->password->ntpassword.hash, 16);
+#endif
+ if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) {
+ netlogon_creds_aes_decrypt(creds,
+ logon->password->lmpassword.hash,
+ 16);
+ netlogon_creds_aes_decrypt(creds,
+ logon->password->ntpassword.hash,
+ 16);
+ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(creds,
+ logon->password->lmpassword.hash,
+ 16);
+ netlogon_creds_arcfour_crypt(creds,
+ logon->password->ntpassword.hash,
+ 16);
+ } else {
+ netlogon_creds_des_decrypt(creds, &logon->password->lmpassword);
+ netlogon_creds_des_decrypt(creds, &logon->password->ntpassword);
+ }
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("decrypt of lm owf password:"));
+ dump_data(100, logon->password->lmpassword.hash, 16);
+
+ DEBUG(100,("decrypt of nt owf password:"));
+ dump_data(100, logon->password->ntpassword.hash, 16);
+#endif
status = make_auth_context_subsystem(talloc_tos(),
&auth_context);
if (!NT_STATUS_IS_OK(status)) {
@@ -1611,8 +1644,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
logon->password->identity_info.parameter_control,
chal,
logon->password->lmpassword.hash,
- logon->password->ntpassword.hash,
- creds->session_key)) {
+ logon->password->ntpassword.hash)) {
status = NT_STATUS_NO_MEMORY;
}
break;