diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-04-24 16:00:18 +0200 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2013-08-05 10:30:01 +0200 |
commit | 9d548318da11247ffe8acf505cdb5299090c16f0 (patch) | |
tree | 996454f93fc3a9dcfbc65d236d7aea91f7309ebc /source4/rpc_server/netlogon/dcerpc_netlogon.c | |
parent | 2ea749a1a43a6539b01d36dbe0402a99619444e1 (diff) | |
download | samba-9d548318da11247ffe8acf505cdb5299090c16f0.tar.gz samba-9d548318da11247ffe8acf505cdb5299090c16f0.tar.bz2 samba-9d548318da11247ffe8acf505cdb5299090c16f0.zip |
s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/rpc_server/netlogon/dcerpc_netlogon.c')
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 |
1 files changed, 6 insertions, 22 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d463e85af1..5cc3b34dbf 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -629,29 +629,15 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info); NT_STATUS_HAVE_NO_MEMORY(user_info); + netlogon_creds_decrypt_samlogon_logon(creds, + r->in.logon_level, + r->in.logon); + switch (r->in.logon_level) { case NetlogonInteractiveInformation: case NetlogonServiceInformation: case NetlogonInteractiveTransitiveInformation: case NetlogonServiceTransitiveInformation: - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - r->in.logon->password->lmpassword.hash, - sizeof(r->in.logon->password->lmpassword.hash)); - netlogon_creds_aes_decrypt(creds, - r->in.logon->password->ntpassword.hash, - sizeof(r->in.logon->password->ntpassword.hash)); - } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - r->in.logon->password->lmpassword.hash, - sizeof(r->in.logon->password->lmpassword.hash)); - netlogon_creds_arcfour_crypt(creds, - r->in.logon->password->ntpassword.hash, - sizeof(r->in.logon->password->ntpassword.hash)); - } else { - netlogon_creds_des_decrypt(creds, &r->in.logon->password->lmpassword); - netlogon_creds_des_decrypt(creds, &r->in.logon->password->ntpassword); - } /* TODO: we need to deny anonymous access here */ nt_status = auth_context_create(mem_ctx, @@ -705,11 +691,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonGenericInformation: { if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - r->in.logon->generic->data, r->in.logon->generic->length); + /* OK */ } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - r->in.logon->generic->data, r->in.logon->generic->length); + /* OK */ } else { /* Using DES to verify kerberos tickets makes no sense */ return NT_STATUS_INVALID_PARAMETER; |