diff options
author | Günther Deschner <gd@samba.org> | 2012-12-05 16:24:24 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-12-09 19:39:08 +0100 |
commit | 71572632bd33dcb5c03a701bbb72a707e5642237 (patch) | |
tree | e6632336195ec549d58df4149ef9863f6feda798 /source4/rpc_server/netlogon | |
parent | a52115ce67c2e5bd1e478d7601483fd2490aea31 (diff) | |
download | samba-71572632bd33dcb5c03a701bbb72a707e5642237.tar.gz samba-71572632bd33dcb5c03a701bbb72a707e5642237.tar.bz2 samba-71572632bd33dcb5c03a701bbb72a707e5642237.zip |
s4-rpc_server: support AES encryption in interactive and generic samlogon.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/rpc_server/netlogon')
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 5db4fd1201..3eaf0d4e1d 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -635,7 +635,14 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonServiceInformation: case NetlogonInteractiveTransitiveInformation: case NetlogonServiceTransitiveInformation: - if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + netlogon_creds_aes_decrypt(creds, + r->in.logon->password->lmpassword.hash, + sizeof(r->in.logon->password->lmpassword.hash)); + netlogon_creds_aes_decrypt(creds, + r->in.logon->password->ntpassword.hash, + sizeof(r->in.logon->password->ntpassword.hash)); + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { netlogon_creds_arcfour_crypt(creds, r->in.logon->password->lmpassword.hash, sizeof(r->in.logon->password->lmpassword.hash)); @@ -698,7 +705,10 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal case NetlogonGenericInformation: { - if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + netlogon_creds_aes_decrypt(creds, + r->in.logon->generic->data, r->in.logon->generic->length); + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { netlogon_creds_arcfour_crypt(creds, r->in.logon->generic->data, r->in.logon->generic->length); } else { @@ -811,8 +821,12 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal /* It appears that level 6 is not individually encrypted */ if ((r->in.validation_level != 6) && memcmp(sam->key.key, zeros, sizeof(sam->key.key)) != 0) { - /* This key is sent unencrypted without the ARCFOUR flag set */ - if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + /* This key is sent unencrypted without the ARCFOUR or AES flag set */ + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + netlogon_creds_aes_encrypt(creds, + sam->key.key, + sizeof(sam->key.key)); + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { netlogon_creds_arcfour_crypt(creds, sam->key.key, sizeof(sam->key.key)); @@ -823,7 +837,11 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal /* It appears that level 6 is not individually encrypted */ if ((r->in.validation_level != 6) && memcmp(sam->LMSessKey.key, zeros, sizeof(sam->LMSessKey.key)) != 0) { - if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { + if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { + netlogon_creds_aes_encrypt(creds, + sam->LMSessKey.key, + sizeof(sam->LMSessKey.key)); + } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { netlogon_creds_arcfour_crypt(creds, sam->LMSessKey.key, sizeof(sam->LMSessKey.key)); |