-rw-r--r--libcli/auth/credentials.c47
-rw-r--r--libcli/auth/proto.h3
2 files changed, 44 insertions, 6 deletions
diff --git a/libcli/auth/credentials.c b/libcli/auth/credentials.c
index d5bf1a6387..9d3df9f523 100644
--- a/libcli/auth/credentials.c
+++ b/libcli/auth/credentials.c
@@ -485,9 +485,10 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
}
}
-void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
- uint16_t validation_level,
- union netr_Validation *validation)
+static void netlogon_creds_crypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation,
+ bool encrypt)
{
static const char zeros[16];
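Review bot: The new `bool encrypt` parameter on `netlogon_creds_crypt_samlogon_validation` is undocumented, so a bare `true` or `false` at a call site is all that decides whether the session keys are encrypted or decrypted. A short header comment above the function would make the direction explicit, for example `/* Encrypt (encrypt == true) or decrypt the session keys carried in *validation, using the cipher selected by creds->negotiate_flags. */`. That wording is based only on the calls visible in the later hunks, since the function body continues outside this hunk.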
@@ -524,16 +525,29 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->key.key, zeros,
sizeof(base->key.key)) != 0) {
- netlogon_creds_aes_decrypt(creds,
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds,
+ base->key.key,
+ sizeof(base->key.key));
+ } else {
+ netlogon_creds_aes_decrypt(creds,
base->key.key,
sizeof(base->key.key));
+ }
}
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- netlogon_creds_aes_decrypt(creds,
+ if (encrypt) {
+ netlogon_creds_aes_encrypt(creds,
base->LMSessKey.key,
sizeof(base->LMSessKey.key));
+
+ } else {
+ netlogon_creds_aes_decrypt(creds,
+ base->LMSessKey.key,
+ sizeof(base->LMSessKey.key));
+ }
}
} else if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
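Review bot: The `Don't crypt an all-zero key` comment above each `memcmp` guard no longer covers what the guard does now that it runs in both directions. On the encrypt path the test is on the cleartext key, while on the decrypt path it is on the value received from the peer. The two ends stay in step only because both leave an all-zero field untouched. I would say so in the comment, e.g. `/* An all-zero key is passed through unchanged in both directions: encrypting it would give away the NETLOGON pipe session key, and the decrypting side relies on the same skip. */`. Separately, the LMSessKey branch adds an empty line just before `} else {` that the matching `base->key.key` branch does not have. The enclosing function starts and ends outside this hunk.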
@@ -554,12 +568,33 @@ void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_Credential
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
if (memcmp(base->LMSessKey.key, zeros,
sizeof(base->LMSessKey.key)) != 0) {
- netlogon_creds_des_decrypt_LMKey(creds,
+ if (encrypt) {
+ netlogon_creds_des_encrypt_LMKey(creds,
&base->LMSessKey);
+ } else {
+ netlogon_creds_des_decrypt_LMKey(creds,
+ &base->LMSessKey);
+ }
}
}
}
+void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation)
+{
+ return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
+ validation, false);
+}
+
+void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation)
+{
+ return netlogon_creds_crypt_samlogon_validation(creds, validation_level,
+ validation, true);
+}
+
/*
copy a netlogon_creds_CredentialState struct
*/
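Review bot: Both new wrappers, `netlogon_creds_decrypt_samlogon_validation` and `netlogon_creds_encrypt_samlogon_validation`, are declared `void` but use `return netlogon_creds_crypt_samlogon_validation(...)`. ISO C does not permit a return statement with an expression in a void function, so compilers accept this only as an extension, and it is diagnosed in pedantic builds. Drop the `return` and make it a plain call, e.g. `netlogon_creds_crypt_samlogon_validation(creds, validation_level, validation, true);`. Because the wrappers return nothing, a caller of the new encrypt entry point cannot tell whether any key was actually transformed. If the helper returns early for a `validation_level` it does not handle (that part of the body is outside the hunks), that is worth stating in a comment on the public functions.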
diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h
index 15900d470b..89a732e052 100644
--- a/libcli/auth/proto.h
+++ b/libcli/auth/proto.h
@@ -60,6 +60,9 @@ NTSTATUS netlogon_creds_server_step_check(struct netlogon_creds_CredentialState
void netlogon_creds_decrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
uint16_t validation_level,
union netr_Validation *validation);
+void netlogon_creds_encrypt_samlogon_validation(struct netlogon_creds_CredentialState *creds,
+ uint16_t validation_level,
+ union netr_Validation *validation);
/* The following definitions come from /home/jeremy/src/samba/git/master/source3/../source4/../libcli/auth/session.c */