diff options
| author | Günther Deschner <gd@samba.org> | 2012-12-05 19:49:52 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2012-12-09 19:39:08 +0100 |
| commit | 645289216eeb718eab1201dd3ad0a50fdf85753c (patch) | |
| tree | a55f5da7017db41cfe42b9c48069b45aaf07cde3 /source3/rpc_server | |
| parent | 71572632bd33dcb5c03a701bbb72a707e5642237 (diff) | |
| download | samba-645289216eeb718eab1201dd3ad0a50fdf85753c.tar.gz samba-645289216eeb718eab1201dd3ad0a50fdf85753c.tar.bz2 samba-645289216eeb718eab1201dd3ad0a50fdf85753c.zip | |
s3-rpc_server: support AES for interactive netlogon samlogon password decryption.
Still need to fix AES support for the returned validation info.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 16542f8306..cb932b473a 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1596,6 +1596,39 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, { uint8_t chal[8]; +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm owf password:")); + dump_data(100, logon->password->lmpassword.hash, 16); + + DEBUG(100,("nt owf password:")); + dump_data(100, logon->password->ntpassword.hash, 16); +#endif + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + netlogon_creds_aes_decrypt(creds, + logon->password->lmpassword.hash, + 16); + netlogon_creds_aes_decrypt(creds, + logon->password->ntpassword.hash, + 16); + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + netlogon_creds_arcfour_crypt(creds, + logon->password->lmpassword.hash, + 16); + netlogon_creds_arcfour_crypt(creds, + logon->password->ntpassword.hash, + 16); + } else { + netlogon_creds_des_decrypt(creds, &logon->password->lmpassword); + netlogon_creds_des_decrypt(creds, &logon->password->ntpassword); + } + +#ifdef DEBUG_PASSWORD + DEBUG(100,("decrypt of lm owf password:")); + dump_data(100, logon->password->lmpassword.hash, 16); + + DEBUG(100,("decrypt of nt owf password:")); + dump_data(100, logon->password->ntpassword.hash, 16); +#endif status = make_auth_context_subsystem(talloc_tos(), &auth_context); if (!NT_STATUS_IS_OK(status)) { @@ -1611,8 +1644,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, logon->password->identity_info.parameter_control, chal, logon->password->lmpassword.hash, - logon->password->ntpassword.hash, - creds->session_key)) { + logon->password->ntpassword.hash)) { status = NT_STATUS_NO_MEMORY; } break; |