diff options
-rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 45 |
1 files changed, 21 insertions, 24 deletions
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 6a6c125da9..4f66dfe0de 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1467,6 +1467,15 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, struct auth_context *auth_context = NULL; const char *fn; +#ifdef DEBUG_PASSWORD + logon = netlogon_creds_shallow_copy_logon(p->mem_ctx, + r->in.logon_level, + r->in.logon); + if (logon == NULL) { + logon = r->in.logon; + } +#endif + switch (p->opnum) { case NDR_NETR_LOGONSAMLOGON: fn = "_netr_LogonSamLogon"; @@ -1547,6 +1556,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, status = NT_STATUS_OK; + netlogon_creds_decrypt_samlogon_logon(creds, + r->in.logon_level, + logon); + switch (r->in.logon_level) { case NetlogonNetworkInformation: case NetlogonNetworkTransitiveInformation: @@ -1592,32 +1605,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, uint8_t chal[8]; #ifdef DEBUG_PASSWORD - DEBUG(100,("lm owf password:")); - dump_data(100, logon->password->lmpassword.hash, 16); - - DEBUG(100,("nt owf password:")); - dump_data(100, logon->password->ntpassword.hash, 16); -#endif - if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { - netlogon_creds_aes_decrypt(creds, - logon->password->lmpassword.hash, - 16); - netlogon_creds_aes_decrypt(creds, - logon->password->ntpassword.hash, - 16); - } else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) { - netlogon_creds_arcfour_crypt(creds, - logon->password->lmpassword.hash, - 16); - netlogon_creds_arcfour_crypt(creds, - logon->password->ntpassword.hash, - 16); - } else { - netlogon_creds_des_decrypt(creds, &logon->password->lmpassword); - netlogon_creds_des_decrypt(creds, &logon->password->ntpassword); + if (logon != r->in.logon) { + DEBUG(100,("lm owf password:")); + dump_data(100, + r->in.logon->password->lmpassword.hash, 16); + + DEBUG(100,("nt owf password:")); + dump_data(100, + r->in.logon->password->ntpassword.hash, 16); } -#ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); dump_data(100, logon->password->lmpassword.hash, 16); |